MaterialLabel does not escape the given text.

[yu-kopylov]

MaterialLabel does not escape the given text.
This behaviour is different from GWT Label and potentially enables XSS attacks.
GWT-Material Version: 1.6.2

Example:
label.setText("<button>test</button>") - will display a button, instead of text

[kevzlou7979]

We can escape the html tags or element directly but I think let's see how other users / contributors opinion about it :) Thanks for the information

[kevzlou7979]

So I got a solution for this Security Issue.

    @Override
    public void setText(String text) {
        getElement().setInnerSafeHtml(SafeHtmlUtils.fromString(text));
    }

[kevzlou7979]

Fixed via 07b34ce for Core widgets

Fixed via GwtMaterialDesign/gwt-material-addins@5b43969 for Addin widgets