Bug #17698
Updated by Nicolas CHARLES over 4 years ago
Trees in Directives and Active Technique pages display tooltips containing the description of the Technique. However, this tooltip evaluates everything that is in the description, especially JavaScript, which would get executed when hovering over a malicious Technique.

For instance, creating a technique with the description `<script>alert("bob");</script>`: when hovering over the technique in the directives page or the active technique page, the alert shows up.

Escaping the content of the tooltip fixes the issue.
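The fix described above, sketched as an added example (not the project's own code): a tooltip builder that concatenates the description as-is next to one that escapes it. The function names, the markup and the sample technique are assumptions made for illustration.

```javascript
// Added example; escapeHtml, tooltipUnsafe and tooltipEscaped are hypothetical
// names, and the tooltip markup is assumed, not taken from the application.

// Characters that are significant in HTML text and quoted-attribute contexts.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a value so the browser renders it as text instead of parsing it as markup.
// A missing description (null/undefined) becomes an empty string.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// "Before": the description is concatenated into the tooltip markup as-is,
// so any tag it contains becomes part of the page.
function tooltipUnsafe(technique) {
  return '<div class="tooltip-content"><h4>' + technique.name + '</h4><p>' +
    technique.description + '</p></div>';
}

// "After": every user-controlled field is escaped before it reaches the markup.
function tooltipEscaped(technique) {
  return '<div class="tooltip-content"><h4>' + escapeHtml(technique.name) +
    '</h4><p>' + escapeHtml(technique.description) + '</p></div>';
}

// Constructed sample: the description is the one quoted in the report.
const sample = {
  name: 'Demo technique',
  description: '<script>alert("bob");</script>',
};

console.log('unsafe :', tooltipUnsafe(sample));
console.log('escaped:', tooltipEscaped(sample));
```

The escaped variant also encodes quotes, so the same helper stays safe if the tooltip text is placed in a quoted attribute rather than in element content.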