dart-lang / markdown

A Dart markdown library
https://pub.dev/packages/markdown
BSD 3-Clause "New" or "Revised" License

The image tag's src is not encoded properly to avoid XSS attack #586

Closed tomyeh closed 7 months ago

tomyeh commented 7 months ago

Example,

markdownToHtml('''![Uh oh...]("onerror="alert('XSS'))''');
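Why an unencoded `src` matters, as an added example that is not part of the issue and not the markdown package's code: the hypothetical functions `renderImageUnsafe` and `renderImageEscaped` build an `<img>` tag from the destination in the example above, first by plain interpolation and then with HTML attribute escaping from `dart:convert`.

```dart
import 'dart:convert';

// Hypothetical renderers for illustration; not the markdown package's code.

/// Unsafe: interpolates the values straight into a double-quoted attribute,
/// so a `"` in the destination closes `src` and starts a new attribute.
String renderImageUnsafe(String alt, String src) =>
    '<img src="$src" alt="$alt" />';

/// Escaped: `&`, `"`, `<` and `>` become character references, so the
/// destination can never terminate the attribute value it is placed in.
String renderImageEscaped(String alt, String src) {
  const attr = HtmlEscape(HtmlEscapeMode.attribute);
  return '<img src="${attr.convert(src)}" alt="${attr.convert(alt)}" />';
}

void main() {
  // The text between the outer parentheses of the issue's example.
  const src = '''"onerror="alert('XSS')''';
  const alt = 'Uh oh...';

  // Prints a tag in which onerror is a separate attribute of the element.
  print(renderImageUnsafe(alt, src));
  // Prints a tag in which the whole destination stays inside src.
  print(renderImageEscaped(alt, src));
}
```

Comparing the two printed tags shows where the attribute boundary moves; a regression test for the renderer can assert that the output for this input contains no `onerror` attribute.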