Hello team,
I'm currently using the DropdownTags component in ODC, and I noticed a security issue. When a value like the following is included:
"//-alert(1);</script>"'><img src=x onerror=alert(JSON.stringify(document))>
it gets rendered in a way that allows JavaScript to execute, which leads to a potential XSS (Cross-Site Scripting) vulnerability.
Has anyone encountered this before, or do you know how to properly sanitize the input to prevent script execution?
Input Validation: Validate and sanitize all user inputs before processing
Output Encoding: Properly encode data when rendering it in HTML contexts
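As an added illustration of the "output encoding" point (this is example code, not code from the original post and not OutSystems/ODC's own sanitization API, whose names are not given here): the payload from the post is harmless as data and only becomes a script when it is concatenated into HTML unencoded. The encoding table and the two render functions below are assumptions for the demonstration; `countTags` is a heuristic check that the rendered markup contains only the tags the template wrote.

```javascript
// Added example, not from the original post or from OutSystems/ODC.
// Shows why context-aware HTML encoding (or DOM text APIs) stops the payload
// from being parsed as markup. Runs under Node; no DOM required.

// Constructed sample input: the exact value from the post.
const PAYLOAD =
  `"//-alert(1);</script>"'><img src=x onerror=alert(JSON.stringify(document))>`;

// Characters with meaning in HTML text and quoted-attribute contexts.
// '/' is included so "</script>" cannot be reassembled inside a script block.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '/': '&#x2F;',
};

// Single regex pass: '&' is replaced together with the rest, so an input that
// already contains "&lt;" becomes "&amp;lt;" and renders literally.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical tag-option template, hardened: attribute and text both encoded.
function renderTagOption(value) {
  const safe = escapeHtml(value);
  return `<option value="${safe}">${safe}</option>`;
}

// The unsafe counterpart (what the post describes): raw string concatenation.
function renderTagOptionUnsafe(value) {
  return `<option value="${value}">${value}</option>`;
}

// In a browser, prefer not building HTML strings at all: assign via the DOM.
// Properties and text nodes are never re-parsed as markup, so no encoding needed.
function fillOption(optionEl, value) {
  optionEl.value = value;        // property assignment, not an HTML attribute string
  optionEl.textContent = value;  // text node; "<img" here is literal text
  return optionEl;
}

// Heuristic check: count tag openers/closers in the rendered markup. The safe
// template emits exactly two (<option ...> and </option>) whatever the input.
function countTags(html) {
  return (html.match(/<\/?[a-zA-Z]/g) || []).length;
}
```

The check to run in practice is the last one: render the component with the payload as a tag value and confirm the resulting markup contains no tag other than the ones the template itself writes. Validating input alone is not sufficient, because a value that looks legitimate in one context (for example a product name containing `&` or `'`) still needs encoding for the context it is rendered into.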