|
|
|
@ -77,9 +77,9 @@ Note that only the `react-dom` package needs to be updated. |
|
|
|
|
|
|
|
## Detailed Description |
|
|
|
|
|
|
|
Your app might be affected by this vulnerability only if these two conditions are true: |
|
|
|
Your app might be affected by this vulnerability only if both of these two conditions are true: |
|
|
|
|
|
|
|
* Your app is **being rendered to HTML using [ReactDOMServer API](/docs/react-dom-server.html)**. |
|
|
|
* Your app is **being rendered to HTML using [ReactDOMServer API](/docs/react-dom-server.html)**, and |
|
|
|
* Your app **includes a user-supplied attribute name in an HTML tag.** |
|
|
|
|
|
|
|
Specifically, the vulnerable pattern looks like this: |
|
|
|
|
Sophie Alpert
7 years ago