Results: 2 issues of Lawrence
Change .html to .text in setting up options label to prevent XSS vulnerability.
There's an XSS vulnerability when options data has executable JS content. Under the `_addOption` function (line:874), the initialization of the `thisOption` var is using `.html`, which allows executable JS contents to run....