data text attributes

About this tag
The data text attributes tag covers discussions about security vulnerabilities related to HTML data-* attributes, particularly in Bootstrap's Button plugin. A key topic is CVE-2024-6485, a cross-site scripting (XSS) flaw where the data-loading-text and similar attributes are improperly handled, allowing attacker-controlled HTML and script execution. This affects legacy Bootstrap 3 applications. The tag is relevant for web developers, security researchers, and IT professionals managing front-end frameworks, focusing on how data attributes can introduce XSS risks and the importance of proper input sanitization.
  1. CVE-2024-6485 Bootstrap Button XSS in Bootstrap 3

    A critical Cross‑Site Scripting (XSS) flaw was assigned CVE‑2024‑6485 after researchers discovered that Bootstrap’s legacy Button plugin improperly handles the data-loading-text / data-*-text attributes, allowing attacker‑controlled HTML (including script) to be rendered when a button enters its...