XSS attack by option name #562
Description
Is possible to make XSS attack after add option "<script>alert('XSS')</script>" into select.
Option name should be escaped.
{{ message }}
Is possible to make XSS attack after add option "<script>alert('XSS')</script>" into select.
Option name should be escaped.