Abp framework use toastr component as toaster to show messages. Our issue with the toastr is that it is deprecated and has XSS Vulnerability issue in high rate, you can check link: https://security.snyk.io/vuln/SNYK-JS-TOASTR-2396430. Do you have any plan to replace it with another toaster component? If not what is your suggestion to bypass this security issue?
- ABP Framework version: v5.3.4
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes
- Exception message and stack trace: yes
- Steps to reproduce the issue:
- Open separated Idenitity project
- Use Wappalyzer chrome addon
3 Answer(s)
-
0
Are you sure your UI is angular? I have checked, and Angular does not use the Toastr library. MVC and blazor is used. I have redirect the issue MVC or Blazor team.
or maybe that page is in the server side so you can use resource owner flow. https://docs.abp.io/en/abp/latest/UI/Angular/Authorization#resource-owner-password-flow
-
0
Hi Mahmut
It is MVC the UI in Identity is using
-
0
hi
You can use the high version of the package in
package.json, and we will also upgrade it in the new version.
