Interesting project! I found this little thing:
Input:
{
"foo": "bar",
"test": "<script>alert()</script>"
}Output:
<table border="1"><tr><th>foo</th><td>bar</td></tr><tr><th>test</th><td><script>alert()</script></td></tr></table>
The <script>alert()</script> should be encoded to avoid XSS.
Interesting project! I found this little thing:
Input:
Output:
The
<script>alert()</script>should be encoded to avoid XSS.