LeafKit 1.3.0: Fix potential XSS attack when rendering tags

We've just released LeafKit 1.3.0 which fixes a potential XSS vulnerability. Previously rendered variables were not escaped which could allow an attacker to inject in malicious code to your site.

Note: if you have custom tags that rely on HTML being rendered then these should now conform to UnsafeUnescapedLeafTag instead. If you were relying on the Leaf variable tag to render HTML, this should now be migrated to use unsafeHTML.

1 Like
Terms of Service

Privacy Policy

Cookie Policy