You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It appears that the only way the messages properly render from the renderValidationScript is by setting the default codec to 'none'. Otherwise the quotes around the messages are escaped.
This leaves the application vulnerable. Should be able to encode your page as html, but have the output from the tag not be encoded.
The text was updated successfully, but these errors were encountered:
It appears that the only way the messages properly render from the renderValidationScript is by setting the default codec to 'none'. Otherwise the quotes around the messages are escaped.
This leaves the application vulnerable. Should be able to encode your page as html, but have the output from the tag not be encoded.
The text was updated successfully, but these errors were encountered: