- ~> 1.0.0.rc1.1
- ~> 1.0.0.rc2.1
- ~> 1.0.0.rc3.1
- ~> 1.0.0.rc4.1
- ~> 1.0.0.rc5.1
- >= 1.0.0.rc6.1
In general, Ember.js escapes or strips any user-supplied content
before inserting it in strings that will be sent to innerHTML.
tagName property of an Ember.View was inserted into
such a string without being sanitized. This means that if an
application assigns a view’s tagName to user-supplied data, a
context of the current domain (“XSS”).
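The following is an added illustration, not code from Ember.js or from this advisory: a simplified string-based renderer that escapes attribute values but not the tag name, next to a form that validates the tag name first. The function names, the allow-pattern and the sample input are assumptions made for the example.

```javascript
// Added illustration, not Ember.js source: a simplified string-based renderer.
// Function names and the allow-pattern are assumptions made for this example.

// Conservative element-name pattern: a letter, then letters, digits or hyphens.
const TAG_NAME = /^[A-Za-z][A-Za-z0-9-]*$/;

function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// The pattern the advisory describes: attribute values are escaped, but
// tagName is concatenated as-is into a string destined for innerHTML.
// Attribute names are assumed to be chosen by the developer, not the user.
function openTagUnchecked(tagName, attrs) {
  const rendered = Object.entries(attrs)
    .map(([name, value]) => ` ${name}="${escapeAttr(value)}"`)
    .join("");
  return `<${tagName}${rendered}>`;
}

// Hardened form: refuse any tagName that is not a plain element name.
function openTagChecked(tagName, attrs) {
  if (typeof tagName !== "string" || !TAG_NAME.test(tagName)) {
    throw new TypeError("invalid tagName: " + JSON.stringify(tagName));
  }
  return openTagUnchecked(tagName, attrs);
}

// Returns the rendered tag, or null when the tagName is rejected.
function tryRender(tagName, attrs) {
  try {
    return openTagChecked(tagName, attrs);
  } catch (e) {
    return null;
  }
}

// Constructed sample input: a benign value that still alters the markup structure.
const untrusted = 'div data-injected="1"';
console.log(openTagUnchecked(untrusted, { id: "ember1" }));
console.log(tryRender(untrusted, { id: "ember1" }));
console.log(tryRender("section", { id: "ember1" }));
```

The unchecked call emits an extra attribute that the application never set, which shows that the tag name position is as much an injection point as any attribute value.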
This vulnerability only affects applications that assign or bind
user-provided content to