hinesboy / mavonEditor

mavonEditor - A markdown editor based on Vue that supports a variety of personalized features
http://www.mavoneditor.com/
MIT License

Cross-Site Scripting #513

Closed tyzero closed 4 years ago

tyzero commented 4 years ago

https://www.npmjs.com/advisories/1169

Overview: All versions of mavon-editor are vulnerable to Cross-Site Scripting. The package fails to sanitize entered input, allowing attackers to execute arbitrary JavaScript in a victim's browser.

Experts, does this mean there is no way to fix this?