Homepage

locize@4.0.20

This package adds the incontext editor to your i18next setup.

  • latest version

    4.0.22

  • latest non vulnerable version

    4.0.22

  • first published

    10 years ago

  • latest version published

    19 days ago

  • licenses detected

  • View locize package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the locize package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Origin Validation Error

    locize is a This package adds the incontext editor to your i18next setup.

    Affected versions of this package are vulnerable to Origin Validation Error in the window.addEventListener message handler due to missing validation of the event.origin property. An attacker can execute arbitrary JavaScript, inject malicious CSS, or hijack internal handler processes by sending crafted postMessage events from a malicious origin. This is only exploitable if the attacker-controlled page shares a window reference with the target, such as through an iframe, window.opener, or parent frame relationship.

    How to fix Origin Validation Error?

    Upgrade locize to version 4.0.21 or higher.

    <4.0.21
    Go back to all versions of this package