This project does not filter the markdown text, resulting in an XSS vulnerability.
For example, if "《img src=1 onerror=alert(1)》" is entered during text editing, the malicious script in the text will be executed by editor.md.
If a user directly uses editor.md and does not filter text, the user may be attacked.
This project does not filter the markdown text, resulting in an XSS vulnerability. For example, if "《img src=1 onerror=alert(1)》" is entered during text editing, the malicious script in the text will be executed by editor.md. If a user directly uses editor.md and does not filter text, the user may be attacked.