XSS vulnerability in react-text-transition@1.3.0

I've found a Cross-Site Scripting (XSS) vulnerability in this package

**Vulnerability Details:**
- **Severity**: High/Critical
- **Description**: There's a risk of malicious script execution when an adversory controls the text.

**Steps to Reproduce:**
In a React.js project:

```
import React from "react";
import TextTransition, { presets } from "react-text-transition";

const App = () => {
    const [index, setIndex] = React.useState(0);

    React.useEffect(() => {
        const intervalId = setInterval(() =>
            setIndex(index => index + 1),
            3000 // every 3 seconds
        );
        return () => clearTimeout(intervalId);
    }, []);

    return (
        <h1>
            <TextTransition
                text={`<img src='' onerror=alert(1)></img>`}
                springConfig={presets.wobbly}
            />
        </h1>
    );
};

export default App
```

**Suggested Fix or Mitigation:**
It is best practice to sanitize the text before passing it to innerHTML. Please consider sanitizing it using popular sanitization libraries, e.g., `dompurify`, to prevent any XSS. Thanks!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

XSS vulnerability in [email protected] #71

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

XSS vulnerability in [email protected] #71

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions