Combo with htmlEnable
flag on false
value works improperly - default template of list item is presented as text. There is sample: https://snippet.dhtmlx.com/q9ud3are
htmlEnable
flag as true
is vulnerable for xss.
Combo with htmlEnable
flag on false
value works improperly - default template of list item is presented as text. There is sample: https://snippet.dhtmlx.com/q9ud3are
htmlEnable
flag as true
is vulnerable for xss.
Hello.
Thank your for your report. The problem is confirmed. We’ll try to fix it in one of the future updates.
I’ll inform you as soon, as the fix becomes available.
Hello.
We have fixed your reported problem with the htmlEnable: false usage in the dhx.Combo in the latest dhtmlxSuite update (v8.0.1).
Now the options non-html options should display correctly in this mode.
You can test it in your original snippet.
Please, download the latest available dhx.Suite build from your client’s area to get that fix.
Thank you for your report.
Best regards.