You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
data text attributes
About this tag
The data text attributes tag covers discussions about security vulnerabilities related to HTML data-* attributes, particularly in Bootstrap's Button plugin. A key topic is CVE-2024-6485, a cross-site scripting (XSS) flaw where the data-loading-text and similar attributes are improperly handled, allowing attacker-controlled HTML and script execution. This affects legacy Bootstrap 3 applications. The tag is relevant for web developers, security researchers, and IT professionals managing front-end frameworks, focusing on how data attributes can introduce XSS risks and the importance of proper input sanitization.
A critical Cross‑Site Scripting (XSS) flaw was assigned CVE‑2024‑6485 after researchers discovered that Bootstrap’s legacy Button plugin improperly handles the data-loading-text / data-*-text attributes, allowing attacker‑controlled HTML (including script) to be rendered when a button enters its...