Markdown preview executes the XSS vulnerability

Open weujieytt opened this issue 3 years ago • 0 comments

The markdown preview executes the XSS vector, and the stored XSS occurs in the community posting, which can be fixed by the DOMPurify project.

<img src=1 onerror=alert(1)>

weujieytt, Aug 21 '22 05:08
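The fix the issue points to, as an added example that is not part of the original issue and is not markdown-nice's own code: renderer output is passed through DOMPurify before it reaches the preview, and is escaped to plain text if no sanitizer can be loaded. The function names and the escape fallback are assumptions made for illustration.

```javascript
// Added example: every name here is hypothetical, not markdown-nice's code.

// Escape HTML metacharacters so the input is displayed as text, never parsed.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Return a sanitize(html) function backed by DOMPurify, or null if unavailable.
function loadDomPurify() {
  if (typeof window !== 'undefined' && window.DOMPurify) {
    return (html) => window.DOMPurify.sanitize(html); // browser build
  }
  try {
    if (typeof require !== 'function') return null;
    const createDOMPurify = require('dompurify');     // Node needs a DOM
    const { JSDOM } = require('jsdom');
    const purify = createDOMPurify(new JSDOM('').window);
    return (html) => purify.sanitize(html);
  } catch (_) {
    return null;
  }
}

const purifySanitize = loadDomPurify();

// Vulnerable shape: rendered markdown goes to the preview unchanged.
function previewUnsafe(renderedHtml) {
  return renderedHtml;
}

// Hardened shape: sanitize first; with no sanitizer, fail closed by escaping.
function previewSafe(renderedHtml) {
  return purifySanitize ? purifySanitize(renderedHtml) : escapeHtml(renderedHtml);
}

// Regression check: does any tag still carry an on* event-handler attribute?
function hasEventHandler(html) {
  return /<[^>]*\son[a-z]+\s*=/i.test(html);
}

const payload = '<img src=1 onerror=alert(1)>'; // the vector quoted in the issue
console.log('unsafe:', previewUnsafe(payload));
console.log('safe:  ', previewSafe(payload));
```

Because the XSS is stored, the same sanitization has to apply wherever the community post is rendered, not only in the editor preview.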