bito-code-review[bot] commented on PR #38069: URL: https://github.com/apache/superset/pull/38069#issuecomment-3920922700
<!-- Bito Reply --> The security alert flags a potential XSS vulnerability in the postForm method of SupersetClientClass.ts, where payload values are assigned to form input values without escaping HTML meta-characters. If these values are displayed as HTML on the target page after form submission, it could allow script injection. The diff shows changes to how the payload is handled, but the full method isn't visible. Sanitize or escape payload values before setting them to prevent reinterpreting text as HTML. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
