marky-markdown
npm's markdown parser
https://www.npmjs.com/package/@npmcorp/marky-markdown
Fixes injection vulnerabilities in README documents. #444
Closed
ronperris closed 4 years ago
ronperris commented 4 years ago
Fixes two injection vulnerabilities.
Injection of img element style attributes allowed masking page content with attacker-controlled image.
Injection of iframe elements with src urls that only contain youtube.com instead of requiring it be the hostname.
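
The difference between the two iframe src checks named in the description, as an added example that is not marky-markdown's own code. The function names, the allowlist and the sample URLs are constructed for illustration.

```javascript
// Assumed allowlist for this example; not taken from the project.
const ALLOWED_IFRAME_HOSTS = new Set(['youtube.com', 'www.youtube.com']);

// Weak form: passes when the string appears anywhere in the URL.
function containsCheck(src) {
  return src.includes('youtube.com');
}

// Strict form: parse the URL, then compare the hostname exactly.
function hostnameCheck(src) {
  let url;
  try {
    // Protocol-relative sources ("//host/path") are resolved against https.
    url = new URL(src.startsWith('//') ? 'https:' + src : src);
  } catch (err) {
    return false; // relative or unparseable values are rejected
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  // URL lowercases the hostname and separates it from path, query and port.
  return ALLOWED_IFRAME_HOSTS.has(url.hostname);
}

// Constructed sample sources: two genuine, three that only contain the string.
const samples = [
  'https://www.youtube.com/embed/VIDEO_ID',
  '//www.youtube.com/embed/VIDEO_ID',
  'https://example.test/youtube.com/embed',  // in the path
  'https://youtube.com.example.test/embed',  // prefix of another host
  'https://example.test/?ref=youtube.com',   // in the query string
];

// Run both checks over a list so the disagreement is visible per URL.
function compare(list) {
  return list.map((src) => ({
    src,
    contains: containsCheck(src),
    hostname: hostnameCheck(src),
  }));
}

for (const row of compare(samples)) {
  console.log(`${row.contains}\t${row.hostname}\t${row.src}`);
}
```

A sanitizer using the strict form drops or rewrites any iframe whose src fails the check before the README is rendered.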