Watch

Welcome to the Angular feedback portal. We’re happy you’re here! If you have feedback on how to improve the Angular, we’d love to hear it!

Check out the features or bugs others have reported and vote on your favorites. Feedback will be prioritized based on popularity.
If you have feedback that’s not listed yet, submit your own.

Thanks for joining our community and helping improve Syncfusion products!

Votes

XSS issue when utilizing the highlightSearch feature and setting the filterquery parameter without a value Completed

: Mar 19, 2024 9:00 AM

: Apr 10, 2024 8:31 AM

: Bug Report

: MultiSelectDropdown

: 25.1.35

: Vol 1 2024 - SP (May 08, 2024)

: Mar 19, 2024 9:00 AM

: Bug Report

: MultiSelectDropdown

XSS issue when utilizing the highlightSearch feature and setting the filterstring parameter without a value. issue reproduced in autocomplete also

Sample:

https://stackblitz.com/edit/github-uii5kx?file=src%2Fapp.component.ts

Replication Procedure:

Run the sample
open the popup
you can see the issue

Expected Behavior: Xss issue should not occur

Actual Behavior: XSS issue when utilizing the highlightSearch feature and setting the filterquery parameter without a value.

1 COMMENT