## Installation

```
$ brew install --cask graphql-playground
```

## Features

- ✨ Context-aware autocompletion & error highlighting.
- Interactive, multi-column docs (keyboard support).
- ⚡️ Supports real-time GraphQL Subscriptions.
- ⚙ GraphQL Config support with multiple Projects & Endpoints.

## Security Details

NOTE: only unsanitized user input to the functions in these packages is vulnerable to the recently reported XSS Reflection attack.

Impacted are any and all unsanitized user-defined input to:

If you used static values, as graphql-playground-electron does in its webpack config and as the most common middleware implementations out there do, you were not vulnerable to the attack.

The only reason this vulnerability exists is that we are using template strings in renderPlaygroundPage() with potentially unsanitized user-defined variables. This allows an attacker to inject HTML and JavaScript into the page.

Common examples are user-defined path parameters, query string values, and unsanitized UI-provided values stored in a database that are used to build template strings or are passed directly to renderPlaygroundPage() or the matching middleware function equivalent listed above.

Read more about preventing XSS in React.

## Impacted Packages

All versions of these packages are impacted until the ones specified below, which are now safe for user-defined input:
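The pattern the advisory describes, shown as an added example that is not graphql-playground's own code: a hypothetical `renderPageUnsafe()` interpolates caller-supplied options straight into a template string the way the vulnerable `renderPlaygroundPage()` did, and `renderPageSafe()` is the hardened form, escaping values that land in HTML text and serialising the value that lands inside a `<script>` block. The function names, the option names `endpoint` and `title`, and the sample input are assumptions constructed for the example.

```javascript
// Added example, not code from graphql-playground. The option names and the
// untrusted input below are constructed for illustration.

// Escape the five characters that can break out of an HTML text or
// double-quoted attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: options flow unchanged into the template string, so a
// value taken from a query string or database row becomes part of the markup.
function renderPageUnsafe({ endpoint, title }) {
  return `<!DOCTYPE html>
<html>
<head><title>${title}</title></head>
<body>
<script>
  window.playgroundEndpoint = "${endpoint}";
</script>
</body>
</html>`;
}

// Hardened pattern: HTML text gets escapeHtml(); the value placed inside the
// <script> block is serialised with JSON.stringify() and then has "<" escaped
// so a "</script>" inside the data cannot terminate the block early.
function renderPageSafe({ endpoint, title }) {
  const endpointJs = JSON.stringify(String(endpoint)).replace(/</g, '\\u003c');
  return `<!DOCTYPE html>
<html>
<head><title>${escapeHtml(title)}</title></head>
<body>
<script>
  window.playgroundEndpoint = ${endpointJs};
</script>
</body>
</html>`;
}

// Constructed untrusted input, shaped like values arriving from a query string.
const untrusted = {
  endpoint: '"; alert(1); //',
  title: '</title><script>alert(1)</script>',
};

// Defensive check used in tests: the rendered page should contain exactly the
// one raw <script> tag the template itself emits and none from the input.
function countScriptTags(html) {
  return (html.match(/<script>/g) || []).length;
}

console.log('unsafe script tags:', countScriptTags(renderPageUnsafe(untrusted)));
console.log('safe script tags:  ', countScriptTags(renderPageSafe(untrusted)));
```

The two defences are context-specific on purpose: `escapeHtml()` is only correct for HTML text and quoted attributes, and JSON serialisation with `<` escaped is the safe way to embed data in a script block; neither replaces the other. A cheap regression check for a renderer like this is the `countScriptTags()` assertion over a deliberately hostile fixture.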