Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug Report][2.6.9] xss in v-calendar #15757

Closed
5v3n-08 opened this issue Sep 8, 2022 · 0 comments
Closed

[Bug Report][2.6.9] xss in v-calendar #15757

5v3n-08 opened this issue Sep 8, 2022 · 0 comments
Assignees
@KaelWD
Labels
C: VCalendar VCalendar P: high The issue is of high importance T: bug Functionality that does not work as intended/expected
Milestone
v2.6.x

Comments

@5v3n-08
Copy link

5v3n-08 commented Sep 8, 2022

Environment

Vuetify Version: 2.6.9
Vue Version: 2.6.14
Browsers: Chrome 105.0.0.0
OS: Mac OS 10.15.7

Steps to reproduce

Open the link and see the alert with xss.

Expected Behavior

Not use plain html

Actual Behavior

html is used and open an alert

Reproduction Link

https://codepen.io/5v3n-08/pen/MWGKEjY

Other comments

Only work if this property is set
:event-name="getCalendarEventName"
@KaelWD KaelWD added T: bug Functionality that does not work as intended/expected P: high The issue is of high importance C: VCalendar VCalendar and removed S: triage labels Sep 8, 2022
@KaelWD KaelWD self-assigned this Sep 8, 2022
@KaelWD KaelWD added this to the v2.6.x milestone Sep 8, 2022
@KaelWD KaelWD closed this as completed in ade1434 Sep 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@KaelWD KaelWD

Labels
C: VCalendar VCalendar P: high The issue is of high importance T: bug Functionality that does not work as intended/expected
Projects
None yet
Milestone
v2.6.x
Development

No branches or pull requests
2 participants
@KaelWD @5v3n-08