Open itsDZhang opened 6 years ago
If I do `[some text](javascript:alert('xss'))` in the editor, this will get rendered when I click on the link. The format above is in Markdown:
`[some text](javascript:alert('xss'))`
Therefore, this is quite vulnerable to attacks: https://github.com/showdownjs/showdown/wiki/Markdown%27s-XSS-Vulnerability-(and-how-to-mitigate-it)
Is there any way we can solve this?
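
One way to close this at render time is to allowlist link schemes. The sketch below is an added example, not code from this project or from the original post; it assumes the renderer lets you intercept each link's text and destination, and the names `isSafeHref` and `renderLink` are hypothetical.

```javascript
// Added example: scheme allowlist for link destinations, applied at render time.
// Assumption: the renderer hands over each link's href after entity decoding.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:', 'mailto:']);
// Placeholder base so relative links ("/docs", "#top") parse; it is never emitted.
const BASE = 'https://placeholder.invalid/';

// Returns true only if the destination resolves to an allowed scheme.
// The WHATWG URL parser is used so the check sees what the browser sees:
// it trims leading control characters and spaces, drops tabs and newlines,
// and lowercases the scheme before we compare.
function isSafeHref(href) {
  try {
    return ALLOWED_PROTOCOLS.has(new URL(String(href), BASE).protocol);
  } catch (e) {
    return false; // unparseable destination: treat as unsafe
  }
}

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Emits an anchor for safe destinations; otherwise only the escaped link text.
function renderLink(text, href) {
  if (!isSafeHref(href)) return escapeHtml(text);
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Constructed sample destinations, including the one from the report above.
const samples = [
  "javascript:alert('xss')",
  ' JaVaScRiPt:alert(1)',
  'java\tscript:alert(1)',
  'data:text/html,<b>x</b>',
  'https://example.com/page',
  '/relative/path',
];
for (const href of samples) {
  console.log(JSON.stringify(href), '->', renderLink('some text', href));
}
```

A blocklist that only matches the literal string `javascript:` misses the mixed-case and embedded-tab variants in the samples, which is why the check compares the parsed scheme against an allowlist instead.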