Regression in non-inline HyperText/iframe HTML support caused by a fix to a hypothetical vulnerability #5860

Open
dchichkov opened this issue May 8, 2024 · 0 comments

Describe the bug
Annotating data within an iframe (Wikipedia articles, etc.) in the HyperText element is no longer possible, as <script> tags are filtered out from HTML content starting from 1.11.0. This is a regression in 1.11.0 caused by #5232.

To Reproduce
Use a non-inline iframe in the HyperText element and include a <script> tag.

Expected behavior
It should be possible to render modern HTML that includes scripting within the HyperText/iframe.

Environment (please complete the following information):

  • OS: [e.g. iOS]
  • Label Studio Version 1.12.0

Additional context
Sanitized internal data or data from sources like Wikipedia cannot contain a hypothetical vulnerability highlighted by this CVE. This hypothetical vulnerability is also unimpactful, as the service is stand-alone and isolated from any high-value financial/industry targets.
