- Issue created by @prudloff
The link Twig function seems to have a vulnerability similar to SA-CONTRIB-2023-041.
{{ link('<script>alert(`XSS`);</script>', 'bar', '') }}
It probably needs a fix similar to this: https://git.drupalcode.org/project/unified_twig_ext/-/commit/6e8dcbfe6f4...
Active
1.0
Code
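An added illustration of the bug class reported above, not code from the module or from the linked commit: a link helper that interpolates its arguments into markup, beside a version that escapes each value for the HTML context it lands in. The function names `link_unsafe` and `link_safe`, the argument order (title, URL, attributes) and the array type for attributes are assumptions made for this example.

```php
<?php
// Hypothetical stand-ins for a Twig "link" function; names and signatures
// are assumptions for illustration, not the project's implementation.

/** Unsafe: caller-supplied strings go straight into the markup. */
function link_unsafe(string $title, string $url, array $attributes = []): string
{
    $attrs = '';
    foreach ($attributes as $name => $value) {
        $attrs .= " $name=\"$value\"";
    }
    return "<a href=\"$url\"$attrs>$title</a>";
}

/** Hardened: every dynamic value is HTML-escaped before it is emitted. */
function link_safe(string $title, string $url, array $attributes = []): string
{
    $esc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $attrs = '';
    foreach ($attributes as $name => $value) {
        // Attribute names cannot be made safe by escaping, so only names
        // matching a strict pattern are emitted; anything else is dropped.
        if (!preg_match('/^[a-zA-Z][a-zA-Z0-9_-]*$/', (string) $name)) {
            continue;
        }
        $attrs .= ' ' . $name . '="' . $esc((string) $value) . '"';
    }

    return '<a href="' . $esc($url) . '"' . $attrs . '>' . $esc($title) . '</a>';
}

// Title taken from the reproduction in the issue; URL 'bar' likewise.
$title = '<script>alert(`XSS`);</script>';

echo link_unsafe($title, 'bar'), PHP_EOL; // script element reaches the page intact
echo link_safe($title, 'bar'), PHP_EOL;   // title is rendered as inert text
```

In a Twig extension the same result is usually reached by returning a render array or a properly escaped markup object instead of a hand-built string, so that Twig's autoescaping is not bypassed.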