ProseMirror / prosemirror

The ProseMirror WYSIWYM editor
http://prosemirror.net/
MIT License
7.66k stars 336 forks

How to use DOMPurify for HTML sanitization in an effective way #1441

Open ys-oo opened 9 months ago

ys-oo commented 9 months ago

I'm working on a Notion alternative using React.js and this awesome package. I haven't succeeded in making a DOMPurify plugin that sanitizes the HTML before it's rendered in the DOM, especially when using markdown comments like [link](google.com), as this is a huge door for XSS attacks.

Thank you for making this awesome package, and I appreciate any help <3

marijnh commented 9 months ago

I'm not sure I follow. Are the links or the comments an XSS vector? How?

ys-oo commented 9 months ago

yo

I'm not sure I follow. Are the links or the comments an XSS vector? How?

I appreciate your response. The markdown links could be used to inject an XSS attack; I provided an example with a google.com link, but it could be javascript instead...

marijnh commented 9 months ago

I don't think markdown-it will parse javascript: links. Do you have a working proof-of-concept?
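As an added example that is not part of this thread or of ProseMirror's own code: the usual defence for the link concern raised above is not a DOM sanitizer run after rendering but a scheme allowlist applied where the link attribute enters the document model. markdown-it already refuses `javascript:` links in its default `validateLink`, so the remaining path is HTML that reaches the editor through `DOMParser` (paste, initial content). The `sanitizeHref` function and `linkMark` spec below are hypothetical names; the mark spec is a plain object in the shape `prosemirror-model` expects, so it runs here without importing the library.

```javascript
// Allowed URL schemes for link hrefs (assumption: the app needs only these).
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);
// Placeholder base used only to check that a scheme-less reference parses.
const PLACEHOLDER_BASE = "https://placeholder.invalid/";

// Returns a normalized href if its scheme is allowed, otherwise null.
// The WHATWG URL parser is used instead of a string prefix test because it
// strips leading/trailing whitespace and embedded tab/newline characters and
// lower-cases the scheme, so disguised schemes are normalized before the check.
function sanitizeHref(href) {
  if (typeof href !== "string" || href.trim() === "") return null;
  let url;
  try {
    url = new URL(href); // absolute URL: has a scheme
  } catch {
    // No scheme means a relative reference, which cannot carry a script
    // scheme; confirm it parses against the placeholder base and keep it
    // as written so the document does not absorb the placeholder host.
    try {
      new URL(href, PLACEHOLDER_BASE);
    } catch {
      return null;
    }
    return href.trim();
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Link mark spec (hypothetical): getAttrs returning false makes the parse
// rule not match, so the <a> is dropped and only its text content survives.
const linkMark = {
  attrs: { href: {}, title: { default: null } },
  inclusive: false,
  parseDOM: [
    {
      tag: "a[href]",
      getAttrs(dom) {
        const href = sanitizeHref(dom.getAttribute("href"));
        if (href === null) return false;
        return { href, title: dom.getAttribute("title") };
      },
    },
  ],
  toDOM(mark) {
    const { href, title } = mark.attrs;
    return ["a", { href, title, rel: "noopener noreferrer" }, 0];
  },
};
```

Because the check runs in `getAttrs`, a rejected link never becomes a mark in the document state, so nothing downstream (serialization, collaboration, `toDOM`) can reintroduce it.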