iamcco / markdown-preview.nvim

markdown preview plugin for (neo)vim
MIT License
6.82k stars 284 forks

XSS #542

Closed lzk0 closed 1 year ago

lzk0 commented 1 year ago

XSS The following input triggers XSS.

<iframe srcdoc="<script>alert('XSS')</script>"></iframe>


I used:

iamcco commented 1 year ago

Disable HTML tags if you want:

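" 'mkit' holds the markdown-it options; html: false stops raw HTML in the
" Markdown source from being rendered as HTML in the preview.
let g:mkdp_preview_options = {
    \ 'mkit': { 'html': v:false },
    \ }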
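A complementary check, as an added example that is not part of this thread or of markdown-preview.nvim: a small Node.js scan that reports raw HTML in a Markdown file that would reach the browser when HTML passthrough is left enabled. The function name `findActiveHtml`, the pattern list and the sample document are assumptions made for illustration, and the patterns are a heuristic, not an HTML parser.

```javascript
// Added example: flag raw HTML in Markdown that an HTML-enabled preview would render.
// Heuristic patterns (assumed for this example), not a complete HTML parser.
const RISKY = [
  { name: 'script tag', re: /<\s*script\b/i },
  { name: 'iframe/object/embed', re: /<\s*(iframe|object|embed)\b/i },
  { name: 'srcdoc attribute', re: /\bsrcdoc\s*=/i },
  { name: 'inline event handler', re: /<[^>]*\son[a-z]+\s*=/i },
  { name: 'javascript: URL', re: /(href|src)\s*=\s*["']?\s*javascript:/i },
];

// Returns [{ line, finding }] for text outside fenced code blocks and inline code.
function findActiveHtml(markdown) {
  const hits = [];
  let fence = null; // marker that opened the current fenced block, if any
  markdown.split(/\r?\n/).forEach((text, i) => {
    const m = text.match(/^\s{0,3}(`{3,}|~{3,})/);
    if (m) {
      if (fence === null) fence = m[1];
      else if (m[1][0] === fence[0] && m[1].length >= fence.length) fence = null;
      return;
    }
    if (fence !== null) return; // fenced code is shown as text, not rendered
    const visible = text.replace(/`[^`]*`/g, ''); // drop inline code spans
    for (const { name, re } of RISKY) {
      if (re.test(visible)) hits.push({ line: i + 1, finding: name });
    }
  });
  return hits;
}

// Constructed sample: line 2 is the input reported in this issue.
const SAMPLE = [
  '# Notes',
  '<iframe srcdoc="<script>alert(\'XSS\')</script>"></iframe>',
  'Inline `<script>` is shown as text.',
  '~~~html',
  '<script>alert(1)</script>',
  '~~~',
  'Plain paragraph.',
].join('\n');

for (const h of findActiveHtml(SAMPLE)) {
  console.log(`line ${h.line}: ${h.finding}`);
}
```

Only line 2 is reported; the inline code span and the fenced block are skipped because Markdown renders them as literal text.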