XML

Word

Printable

Type: Bug
Resolution: Fixed
Fix Version/s: translate5 - 7.33.0
Affects Version/s: None
Component/s: Editor general

Urgency:
Critical
ChangeLog Description:
Solve an XSS attack vector in segment content.
Checklist:

Empty

show more show less

problem

Segment editing allows XSS attacks. Ordinary attack vectors (img onload, script tags) are recognized and prevented already.

Additional vectors were found. See PDF in linked TS Issue.

solution

Include a more sophisticated lib to filter out the described, other possible attack vectors. Allow only the needed HTML in segment content.

blocks

TRANSLATE-5154 Escape Html content on rendering

Done

Assignee:: Thomas Lauria
Reporter:: Thomas Lauria
Peer developer:: Leon Kiz
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: 15/Oct/2025 06:25
Updated:: 4 days ago 10:15
Resolved:: 12/Jan/2026 05:46