Do not execute scripts in HTML blocks by default to prevent XSS #11172

Closed
88250 opened this issue Apr 27, 2024 · 2 comments

@88250
Member

88250 commented Apr 27, 2024

Settings - Editor - Allow execution of scripts within HTML blocks: unchecked by default, i.e. script support is not allowed.

88250 added a commit that referenced this issue Apr 27, 2024
88250 added this to the 3.0.12 milestone Apr 27, 2024
88250 closed this as completed Apr 27, 2024

@TCOTC
Contributor

TCOTC commented Apr 27, 2024

Wouldn't it perhaps be better to also add a toggle for individual HTML blocks?

@88250
Member Author

88250 commented Apr 27, 2024

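I don't think it's necessary. Security filtering is applied by default, and it's enough that users know the potential risks when they enable it.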
