bevacqua / insane

:pouting_cat: Lean and configurable whitelist-oriented HTML sanitizer
https://ponyfoo.com
MIT License
449 stars, 22 forks

XSS Attack Vulnerable #25

Open Nate-Wilkins opened 1 year ago

Nate-Wilkins commented 1 year ago

Hi,

I noticed that you guys don't have a security policy so I wasn't sure where to put this.

I have a demo of an XSS attack with this library and wanted to make sure it was addressed, since this package is about sanitizing markdown to prevent XSS attacks.

My email is nate-wilkins@code-null.com.

If I don't get an email in a few days I'll post the demo & code here.

js2me commented 1 year ago

Hello @Nate-Wilkins, so can you share a demo with code here?

Nate-Wilkins commented 1 year ago

@js2me @samber

Here's a StackBlitz that I put together.

This basically shows that javascript links can be injected into the resulting markdown. It doesn't necessarily mean that a malicious actor could execute an XSS attack in the client code, but it doesn't sanitize this browser "feature".
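As an added example (not insane's own code and not the reporter's StackBlitz demo), here is one way an href allowlist check can be written so that it judges the attribute value the way the browser will. Browsers strip leading control characters and whitespace, drop embedded tabs and newlines, lowercase the scheme, and decode HTML character references before deciding that a link is `javascript:`, so a check that compares the raw string against `"javascript:"` misses those forms. The example feeds the decoded value through Node's WHATWG `URL` parser, which applies the same normalisation rules. The `ALLOWED_SCHEMES` set, the helper names, the base URL and the sample hrefs are assumptions made for this illustration.

```javascript
// Added example, not code from the insane project.
// Decide whether an href is safe to keep by extracting its scheme with the
// same rules a browser uses, then comparing against an allowlist.

// Assumed allowlist (mirrors the usual http/https/mailto choice).
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Named character references that matter for scheme smuggling inside an
// attribute value; numeric references (&#58; / &#x3a;) are handled generically.
const NAMED_REFS = {
  amp: '&', lt: '<', gt: '>', quot: '"', apos: "'",
  colon: ':', Tab: '\t', NewLine: '\n',
};

// Decode character references the way an HTML parser would before the URL
// parser ever sees the value. Unknown references are left untouched.
function decodeAttr(value) {
  return value.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);?/gi, (match, body) => {
    if (body[0] === '#') {
      const hex = body[1].toLowerCase() === 'x';
      const cp = hex ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
      return Number.isFinite(cp) && cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
    }
    return Object.prototype.hasOwnProperty.call(NAMED_REFS, body) ? NAMED_REFS[body] : match;
  });
}

// Return the scheme (e.g. "https:") the browser would navigate with, or null
// if the value cannot be parsed as a URL at all. The WHATWG parser strips
// leading/trailing C0 controls and spaces, removes tab/CR/LF, and lowercases
// the scheme, so "  JaVa\tScRiPt:alert(1)" still comes back as "javascript:".
// A relative href resolves against the assumed https base, as it would on an
// https page.
function schemeOf(href) {
  try {
    return new URL(decodeAttr(href), 'https://example.invalid/').protocol;
  } catch {
    return null;
  }
}

function isSafeHref(href) {
  const scheme = schemeOf(href);
  return scheme !== null && ALLOWED_SCHEMES.has(scheme);
}

// Keep the original attribute value when its scheme is allowed; return null
// so the caller drops the attribute otherwise.
function sanitizeHref(href) {
  return isSafeHref(href) ? href : null;
}

// Constructed sample inputs for the reader; the first three should survive,
// the rest should be dropped.
const SAMPLE_HREFS = [
  'https://ponyfoo.com/',
  '/relative/path',
  'mailto:someone@example.invalid',
  'javascript:alert(1)',
  '  JaVaScRiPt:alert(1)',
  'java\tscript:alert(1)',
  '\u0001javascript:alert(1)',
  'javascript&#58;alert(1)',
  '&#106;avascript:alert(1)',
  'javascript&colon;alert(1)',
  'data:text/html,<script>alert(1)</script>',
];

for (const href of SAMPLE_HREFS) {
  console.log(JSON.stringify(href), '->', sanitizeHref(href) === null ? 'dropped' : 'kept');
}
```

The important design choice is that the check never looks at the raw string: it decodes references first and then lets the URL parser, not a hand-written prefix comparison, say what the scheme is. Whatever the parser cannot handle is rejected rather than passed through.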