mdnice / markdown-nice

A Markdown editor with theme design support that makes your layout look Nice
https://mdnice.com/
GNU General Public License v3.0
4.17k stars 665 forks

Markdown preview executes the XSS vulnerability #327

Open weujieytt opened 2 years ago

weujieytt commented 2 years ago

The Markdown preview executes the XSS vector, and a stored XSS occurs in community posting; this can be fixed with the DOMPurify project.

<img src=1 onerror=alert(1)>

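As an added example (not mdnice's code and not part of the report above), the following is a regression check for the reported vector: it scans the HTML the preview renders, or the HTML stored for community posts, for attributes that can execute script, so the output of whatever sanitizer is wired in (the report suggests DOMPurify) can be verified. The post ids and post bodies are constructed sample data; `findScriptBearingAttributes` and `auditStoredPosts` are names chosen here.

```javascript
// Regression oracle for issue #327 (added example, not project code).
// It tokenises start tags in rendered HTML and reports anything that can run
// script: inline event handlers (on*), javascript: URLs, and active elements.
// It does NOT decode HTML entities and is not a sanitizer; use it to test the
// sanitizer's output, not as a replacement for one.

const TAG_RE = /<([a-zA-Z][\w:-]*)([^>]*)>/g;
// name, then optionally = "double-quoted" | 'single-quoted' | unquoted
const ATTR_RE = /([^\s"'=<>`/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
const URL_ATTRS = new Set(['href', 'src', 'action', 'formaction', 'xlink:href']);
const ACTIVE_TAGS = new Set(['script', 'iframe', 'object', 'embed']);

function findScriptBearingAttributes(html) {
  const findings = [];
  for (const tag of html.matchAll(TAG_RE)) {
    const name = tag[1].toLowerCase();
    if (ACTIVE_TAGS.has(name)) findings.push({ tag: name, attr: null, value: '' });
    for (const attr of tag[2].matchAll(ATTR_RE)) {
      const attrName = attr[1].toLowerCase();
      const value = attr[2] ?? attr[3] ?? attr[4] ?? '';
      // Browsers ignore control characters and whitespace inside the scheme,
      // so strip them before testing for javascript:
      const scheme = value.replace(/[\u0000-\u0020]/g, '');
      if (attrName.startsWith('on')) {
        findings.push({ tag: name, attr: attrName, value });
      } else if (URL_ATTRS.has(attrName) && /^javascript:/i.test(scheme)) {
        findings.push({ tag: name, attr: attrName, value });
      }
    }
  }
  return findings;
}

// Run the check over stored posts and return only the ones that need attention.
function auditStoredPosts(posts) {
  return posts
    .map((p) => ({ id: p.id, findings: findScriptBearingAttributes(p.html) }))
    .filter((p) => p.findings.length > 0);
}

// Constructed sample data: post-2 carries the exact vector from the report.
const CONSTRUCTED_POSTS = [
  { id: 'post-1', html: '<p>Hello <strong>world</strong></p>' },
  { id: 'post-2', html: '<p>pic: <img src=1 onerror=alert(1)></p>' },
  { id: 'post-3', html: '<p><a href=" JavaScript:alert(1)">docs</a></p>' },
];

console.log(JSON.stringify(auditStoredPosts(CONSTRUCTED_POSTS), null, 2));
```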