Combobox has XSS vulnerability by default.
Sample is there; https://snippet.dhtmlx.com/92naz1su
Is a fix planned? Another components are safe from XSS until HTML is enable, so combobox is opposite.
Combobox has XSS vulnerability by default.
Sample is there; https://snippet.dhtmlx.com/92naz1su
Is a fix planned? Another components are safe from XSS until HTML is enable, so combobox is opposite.
Thank you for your report. The problem is confirmed. We’ll try to fix it in future updates.
We have added the htmlEnable property for the dhx.Combo in the latest (7.3) dhx.Suite update.
Please, try to download the latest available build from your client’s area to get that functionality.
You can also check it here:
https://snippet.dhtmlx.com/l52qk8qi