Vulnerable to Self-XSS #226

NateScarlet · 2020-03-19T07:14:09Z

I tried tui.editor and stackedit, they will auto sanitize such input

88250 · 2020-03-19T07:29:23Z

感谢反馈，确实存在安全隐患，后续会进行修复。

jakekwak · 2020-04-01T17:02:28Z

option for HTML like HyperMD
html: true or false

NateScarlet · 2020-04-01T17:11:27Z

Rather than turn off html completely, I prefer sanitize html with a whitelist (use library like DomPurify or xss)

88250 · 2020-04-10T03:06:15Z

We will fix this issue in recent releases, thank you all. The main implementation will be done in Lute.

88250 · 2020-04-11T04:14:56Z

Oh, it's a new issue not related to XSS fix. I created a new issue to resolve it.

88250 self-assigned this Mar 19, 2020

88250 added the 修复缺陷 label Mar 19, 2020

Vanessa219 added this to the 3.0.0 milestone Mar 19, 2020

88250 removed this from the 3.0.0 milestone Mar 20, 2020

88250 added this to the 3.1.0 milestone Apr 10, 2020

88250 mentioned this issue Apr 10, 2020

增加一定程度的 XSS 安全过滤 88250/lute#51

Closed

88250 closed this as completed Apr 10, 2020

This comment has been minimized.

Sign in to view

Vanessa219 reopened this Apr 11, 2020

88250 mentioned this issue Apr 11, 2020

Inline HTML parsing issue #303

Closed

88250 closed this as completed Apr 11, 2020

88250 mentioned this issue Apr 18, 2020

存在XSS漏洞 nicejade/markdown-online-editor#7

Open

Provide feedback