Uploaded image for project: 'ZK'
  1. ZK
  2. ZK-676

tooltiptext attribute doesn't escape HTML

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • 5.0.10
    • 5.0.7
    • None

      If you bind a value to a tooltiptext attribute and that value is something like '/><script>alert("Hi!")</script><!--', the HTML doesn't get escaped and is executed. This doesn't happen with Label, I think.

            benbai benbai
            guilty guilty
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: