Martin Gaens 04/25/2022, 3:16 PM
? I'm trying to render a page using Thymeleaf but there are certain parts of the website which are much easier rendered using
. I'd like to inject them using
but this Stack Overflow answer and a comment underneath it say it's a security vulnerability.
Roukanken 04/26/2022, 9:38 AM
and do whatever he wanted every time that gets rendered. Of course, if you prevent the user from providing input to this variable, it should not be an issue. (But of course, think long and hard about why you want to do that)
<script> /* arbitrary JS */ </script>
Martin Gaens 04/26/2022, 9:39 AM