would make the JS in onerror execute. There's a couple of libraries to patch this, such as DOMPurify. However, it's up to you whether you reckon this is necessary. The XSS wouldn't harm anyone as the input field is only accessible by the current user. However, it could be something you may want to consider patching.
Cool editor btw! I've switched from stackedit to this.
Inputting something along the lines of:
would make the JS in onerror execute. There's a couple of libraries to patch this, such as DOMPurify. However, it's up to you whether you reckon this is necessary. The XSS wouldn't harm anyone as the input field is only accessible by the current user. However, it could be something you may want to consider patching.
Cool editor btw! I've switched from stackedit to this.