Open Closed

HTML Injections #2338

User avatar
0
ibrahim.onat created
  • ABP Framework version: v4.4.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

There is html injection vulnarability on some of the pages

Go to accepted answer
2 Answer(s)
  • User Avatar
    0
    alper created
    Support Team Director

    thanks, we will take care of it. internal issue #8758

  • User Avatar
    1
    Mehmet created

    Hi,

    For some technical reasons, we have used innerHtml for the columns of the extensible table component. No vulnerability in this case. You cannot inject any script. Angular sanitizes it by default.

    Thanks!

Assignee
User avatar Mehmet
Labels
None yet
Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.1.0-preview. Updated on October 27, 2025, 08:34