dart-lang/markdown
A Dart markdown library
https://pub.dev/packages/markdown
BSD 3-Clause "New" or "Revised" License
The image tag's src is not encoded properly to avoid XSS attack
#586 (Closed)
tomyeh closed 7 months ago
tomyeh commented 7 months ago
Example,
markdownToHtml('''![Uh oh...]("onerror="alert('XSS'))''');
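Added illustration, not part of the original issue and not the markdown package's code: a hypothetical image renderer that pastes the destination into `src` unescaped, next to one that escapes attribute values with `dart:convert`'s `HtmlEscape`. The function names and the small attribute-listing helper are assumptions made for this sketch; the destination string is the one from the report above.

```dart
import 'dart:convert';

// Hypothetical renderer (not the markdown package's implementation):
// the destination is interpolated into the src attribute as-is.
String renderImageUnsafe(String src, String alt) =>
    '<img src="$src" alt="$alt" />';

// Attribute-mode escaping turns & < > and " into entities, so a double
// quote in the input can no longer close the attribute value.
const _attr = HtmlEscape(HtmlEscapeMode.attribute);

// Hardened form: every attribute value is escaped before interpolation.
String renderImageSafe(String src, String alt) =>
    '<img src="${_attr.convert(src)}" alt="${_attr.convert(alt)}" />';

// Lists the names of double-quoted attributes found in a single tag.
// A check for this example only, not a general HTML parser.
List<String> attributeNames(String tag) =>
    RegExp(r'([A-Za-z-]+)\s*=\s*"[^"]*"')
        .allMatches(tag)
        .map((m) => m.group(1)!)
        .toList();

void main() {
  // Image destination and alt text taken from the report in this issue.
  const src = '"onerror="alert(\'XSS\')';
  const alt = 'Uh oh...';

  for (final html in [
    renderImageUnsafe(src, alt),
    renderImageSafe(src, alt),
  ]) {
    print(html);
    print('  attributes: ${attributeNames(html)}');
  }
}
```

In the unescaped output the tag carries an extra `onerror` attribute between `src` and `alt`; in the escaped output the quotes arrive as `&quot;` and the whole destination stays inside `src`.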