lucianot54

Results 4 comments of lucianot54

@kiere, you just need to be careful if you use Tooltip, Autocomplete and Toast. If you didn't use these JavaScript features, you can ignore the warnings. The problem is MaterializeCss does not...

From my point of view, MaterializeCSS is a popular framework and it can offer more security by default. I found many vulnerable developments that can be avoided with a...

To understand the problem with autocomplete, you can check here: https://github.com/Dogfalo/materialize/blob/v1-dev/js/autocomplete.js#L384 `${entry.data}` and `{entry.key}` are used without control. If you have a script in the array, you inject it in...

@Divine1 If you want more XSS examples: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet If you want to use one, I recommend this one: ``

```
M.toast({html: ``});
```

```
$('.tooltipped').tooltip({ html : `` });
```

...