Whitesource scan report and AngularJS 1.4.7

I am getting the following Vulnerability issue:

Angular-1.4.7.min.js
No proper sanitize of xlink:href attribute interoplation, thus vulnerable to Cross-site Scripting (XSS).

 WS-2017-0120 2017-01-20
 angular-1.4.7.min.js Latest Stable Version: 1.7.5 
No proper sanitize of xlink:href attribute interoplation, thus vulnerable to Cross-site Scripting (XSS).
Replace or update the following files: compileSpec.js, compile.js 

Details:

Link

Can someone please tell me what exactly do I need to do with the provided link?

As suggested by the commit you linked to, upgrade AngularJS to version 1.50-beta.1 or fix the offending lines.

Most JavaScript client framework "XSS" vulnerabilities are just XSS defense bypass vulnerabilities, and require an additional initial entry point (giving the user an explicit ability to modify an attribute\property) or XSS in order to actually exploit them. This seems like another one of these cases, similar to this one: Is Bootstrap 3.3.7 safe and secured if "data-target" attribute is unused?
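As an added example (not part of the original question or answers, and not WhiteSource or AngularJS code): a triage helper that lists where a template interpolates a value into `xlink:href`, the attribute the finding is about, so you can see whether the application has the kind of entry point the answer above refers to. The function names and the sample template are constructed, and the scan assumes the default `{{ }}` interpolation symbols and quoted attribute values.

```javascript
// Added example: triage helper for the xlink:href finding (WS-2017-0120).
// Assumptions: default {{ }} interpolation symbols, quoted attribute values,
// regex-level matching rather than a full HTML parser.

// Mirror AngularJS attribute-name normalization: drop a leading x-/data-
// prefix, then camelCase names delimited by ':', '-' or '_'.
function normalizeAttr(name) {
  return name
    .toLowerCase()
    .replace(/^(?:x|data)[:\-_]/, '')
    .replace(/[:\-_]+(.)/g, (m, ch, offset) => (offset ? ch.toUpperCase() : ch));
}

// Return every attribute that ends up bound to xlink:href (directly or via
// the ng-attr- prefix) and whose value contains an interpolation expression.
function findXlinkHrefInterpolation(template) {
  const attrRe = /([^\s"'<>\/=]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
  const targets = new Set(['xlinkHref', 'ngAttrXlinkHref']);
  const findings = [];
  let m;
  while ((m = attrRe.exec(template)) !== null) {
    const value = m[2] !== undefined ? m[2] : m[3];
    if (targets.has(normalizeAttr(m[1])) && value.includes('{{')) {
      // 1-based line number of the attribute within the template text.
      const line = template.slice(0, m.index).split('\n').length;
      findings.push({ line, attr: m[1], value });
    }
  }
  return findings;
}

// Constructed sample template (not taken from any real application).
const SAMPLE_TEMPLATE = [
  '<svg>',
  '  <a xlink:href="{{ item.url }}"><text>{{ item.label }}</text></a>',
  '  <use xlink:href="#icon-static"></use>',
  '  <image data-xlink:href="{{ img }}" />',
  '  <a ng-attr-xlink:href="{{ other }}"></a>',
  '  <a href="{{ plain }}"></a>',
  '</svg>',
].join('\n');

console.log(findXlinkHrefInterpolation(SAMPLE_TEMPLATE));
```

Each hit is a binding whose data source is worth tracing; static values such as `#icon-static` and plain `href` bindings are not reported.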
