
XSS: dangerouslySetInnerHTML in chart component renders unsanitized content #59

Open
Labels
advanced (Complex issues requiring experienced contributors), bug (Something isn't working)

Description

Issue

src/components/ui/chart.tsx:81 uses dangerouslySetInnerHTML to render chart content:

<div dangerouslySetInnerHTML={{ __html: ... }} />

Why this matters

If any chart data (labels, tooltips, axis values) comes from user-submitted content such as course names, professor names, or review text, HTML in that content is rendered as live markup instead of being escaped, because dangerouslySetInnerHTML bypasses React's default escaping. Even if the data currently comes from trusted sources, this leaves a persistent XSS vector that becomes exploitable as soon as the data source changes.

Fix

Use DOMPurify, or sanitize at the data layer, before passing data to the chart component.
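As an added illustration of the "sanitize at the data layer" option (example code written for this issue, not the repository's chart.tsx), the snippet below escapes every user-controlled string field before a fragment is built for dangerouslySetInnerHTML, so the only tags in the output are the ones the component itself writes. The names escapeHtml, sanitizeChartData, renderLegendHtml, renderUnsafe and renderSafe, and the sample rows, are constructed for the example; DOMPurify is the better choice when the labels must keep some HTML, whereas escaping is the right choice when they are plain text.

```typescript
// Added example (not the repository's code): escape user-controlled chart data
// at the data layer so nothing handed to `__html` can introduce markup.
// All helper names below are assumptions for illustration.

// Minimal HTML entity escaping for text placed in element content or a
// double-quoted attribute.
function escapeHtml(value: string): string {
  return value
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

interface ChartDatum {
  label: string; // e.g. a course or professor name, possibly user submitted
  value: number;
}

// Defensive copy: escape every string field and coerce the numeric field,
// so the chart component only ever receives inert text and finite numbers.
function sanitizeChartData(rows: ChartDatum[]): ChartDatum[] {
  return rows.map((row) => ({
    label: escapeHtml(String(row.label)),
    value: Number.isFinite(row.value) ? row.value : 0,
  }));
}

// Builds the fragment a chart component might pass to dangerouslySetInnerHTML.
// This function is deliberately dumb: its safety depends entirely on what it
// is given, which is exactly why sanitizing must happen before this point.
function renderLegendHtml(rows: ChartDatum[]): string {
  return rows
    .map((r) => `<li data-value="${r.value}">${r.label}</li>`)
    .join("");
}

// Constructed sample input: the second label carries markup, standing in for
// a review or course name that a user submitted.
const sampleRows: ChartDatum[] = [
  { label: "Intro to Security", value: 4.2 },
  { label: "<script>alert(1)</script>", value: 3.8 },
];

// "Before": raw data reaches the renderer, so the label's markup survives.
function renderUnsafe(): string {
  return renderLegendHtml(sampleRows);
}

// "After": data is sanitized first, so the label is rendered as visible text.
function renderSafe(): string {
  return renderLegendHtml(sanitizeChartData(sampleRows));
}

console.log("unsafe:", renderUnsafe());
console.log("safe:  ", renderSafe());
```

In the real component the escaping would live wherever the chart data is assembled (the API response mapper or the hook that builds the dataset), so that every consumer of that data, not only the chart, sees inert strings.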
