Comments (4)
juusaw
commented on September 23, 2024
1
Even though the id should be relatively safe, I would recommend escaping the label value just in case, for example by using lodash escape or another utility.
from force-graph.
vasturiano
commented on September 23, 2024
@juusaw thanks, those are good points. I've extended the docs, to make it more clear that the HTML is being (dangerously) set in these label methods, and the consumer should protect against it.
from force-graph.
pielco11
commented on September 23, 2024
Hi all,
I use this library in many projects and just saw this issue. Said that I'm not into web browser infosec, how should I mitigate this vulnerability?
Thank you
PS: currently nodeLabel is given by {node.id}, by JS so the user does not choose "manually" which label give
from force-graph.
pielco11
commented on September 23, 2024
Could be a workaround using Canvas images and placing some text and so removing nodeLabel? The code works, though
from force-graph.
Related Issues (20)
- Problems with labels, and dragging when openin from Brave browser with shield on. HOT 1
- Conditional in linkDirectionalParticles does not use correct return value HOT 1
- Option to always show node labels HOT 2
- How to implement incremental graphData update on zoom and pan? HOT 4
- [Bug]: When nodes are rapidly dragged multiple times in succession, it will be recognized as dragging the canvas
- Discrepency between .json files used in demo and syntax on README HOT 2
- Detecting right click when mouse is moving HOT 1
- Constant node size, independent of zoom HOT 1
- onNodeRightClick doesnt on macbook keyboard+trackpad HOT 2
- How to display nodes together that are identical HOT 1
- Node is not below its parent when creating the tree HOT 1
- unconnected nodes drifting infinitely away HOT 1
- Scrolling on mobile browser
- LinkParticles turns off linkCanvasObjects HOT 2
- click/drag not registering HOT 1
- Export full graph as image
- Link distance only being called a few times.
- I want to avoid node and link overlaping HOT 2
- How to make nodes, text, and connecting lines scale proportionally?
- Callback for first render
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from force-graph.