Code injection vulnerability in visitMixin and visitMixinBlock through "pretty" option · Issue #3312 · pugjs/pug
Hello, I found that pug may allow an attacker to inject arbitrary javascript code if an attacker can control options.pretty. Pug Version: 3.0.0 Proof of concept Here is an vulnerable example includ...