Fix Critical XSS Vulnerability ({@html} without sanitization) #1

New Issue

Closed

opened 2026-04-03 12:22:13 +02:00 by schreifuchs · 0 comments

schreifuchs commented 2026-04-03 12:22:13 +02:00

Owner

Copy Link

Copy Source

Where: src/routes/akti/[aktiId]/+page.svelte
Why: Rendering user input via {@html data.akti.body} without sanitization allows malicious scripts to be injected.
Fix: Use the already installed sanitize-html library on the server to sanitize changeRequest.body before updating/inserting into the database.

**Where:** `src/routes/akti/[aktiId]/+page.svelte` **Why:** Rendering user input via `{@html data.akti.body}` without sanitization allows malicious scripts to be injected. **Fix:** Use the already installed `sanitize-html` library on the server to sanitize `changeRequest.body` before updating/inserting into the database.

schreifuchs added the ai-generated label 2026-04-03 12:26:21 +02:00

schreifuchs referenced this issue from a commit 2026-04-03 13:04:13 +02:00

fix: sanitize html input (resolves #1)

schreifuchs referenced a pull request that will close this issue 2026-04-03 13:04:16 +02:00

Fix XSS Vulnerability #17

schreifuchs closed this issue 2026-04-03 13:09:45 +02:00

schreifuchs referenced this issue from a commit 2026-04-03 13:09:47 +02:00

fix: XSS Vulnerability (#17)

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feat/import-ecamp

v0.1.0

v0.0.1

v0.0.0

Labels

Clear labels

ai-generated

Generated by AI

No Label ai-generated

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

schreifuchs

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: schreifuchs/aktiteil#1