Fix XSS in equation numbers

goessner / markdown-it-texmath

Support TeX math equations with your Markdown documents.

MIT License

161 stars 29 forks source link

Closed yy0931 closed 3 years ago

yy0931 commented 3 years ago

There is another XSS vulnerability around equation numbers. Here is an exapmle.

$$
x
$$ (<img/src="notfound.png"/onerror="location='javascript:alert\x281\x29';">)

goessner commented 3 years ago

thanks for fixing this ...