react-script-editor - cannot add two body #5196
Labels
sample: react-script-editor
type:bug-suspected
Suspected bug (not working as designed/expected). See type:bug-confirmed for confirmed bugs
Comments
RickyLeungFWD
added
the
type:bug-suspected
|
😂 sorry for the laugh emoji, but this web part is all about script/html/css injection, and why you should not use it in the first place. Called out in the readme https://github.com/pnp/sp-dev-fx-webparts/blob/main/samples/react-script-editor/README.md#deploy-to-non-script-sites--modern-team-sites And you can inject on any tag as the entire DOM is available. |
yes i understand |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Disclaimer
Yes
Sample
react-script-editor
Contributor(s)
@wobba @salascz @felixbohnacker
What happened?
And we are not looking for perfect bug prevention offering from the "Javascript Editor", but 2 tags issue indicates that the "Javascript Editor" have high risk of insecure html code injection.
Steps to reproduce
#1. Add the scripts to the "Script Editor", save, and publish
<title>Javascript inject issue 02</title> <style> body { font-family: Arial, sans-serif; } </style>#2. open the page, the invalid formatted html is loaded to the page.
javascript inject testing
<script> function gpShowAlert() { console.info('javascript at invalid location 02'); } gpShowAlert(); </script>Expected behavior
invalid html should not be loaded successfully.
Target SharePoint environment
SharePoint Online
Developer environment
Windows
Browsers
What version of Node.js is currently installed on your workstation?
we only is sharepoint online does not work
What version of Node.js is required by the sample?
we only is sharepoint online does not work
Paste the results of SPFx doctor
run this on sharepoint admin site?
Additional environment details
No response
The text was updated successfully, but these errors were encountered: