search

mermaidjs / mermaid-live-editor

Location has moved to https://github.com/mermaid-js/mermaid-live-editor
https://mermaidjs.github.io/mermaid-live-editor/
MIT License
979 stars 181 forks source link

Possibility to inject xss code in editor #58

Open knsv opened 5 years ago

knsv commented 5 years ago 
graph TD
A["<img src=a onerror=alert(1) />"] -->|Get money| B(Go shopping)
B --> C{Let me think}
C -->|One| D[Laptop]
C -->|Two| E[iPhone]
C -->|Three| F[fa:fa-car Car]

Relates to https://github.com/knsv/mermaid/issues/847