Ember.js XSS Vulnerability With {{link-to}} Helper in Non-block Form
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, a change made to the implementation of the link-to helper means that any user-supplied data bound to the link-to helper's title attribute will not be escaped...