psergus / ngWYSIWYG

true angular WYSIWYG
MIT License

There is an XSS in the process of model to view. #12

Closed anchengjian closed 8 years ago

anchengjian commented 9 years ago

There is an XSS in the process of model to view.
Simple example:

<img src=x onerror=alert(/xss/) >

XSS.
Now I have fixed the bug and pushed it to my GitHub. In that repository, I have improved the UI of tinyEditor and translated it into Chinese.
If you can, I want to be a branch of your ngWYSIWYG.
My github: ngTinyEditor

psergus commented 9 years ago

Thanks for pointing this out. I will add a fix.

On Wed, Sep 23, 2015 at 3:45 AM, anchengjian notifications@github.com wrote:

There is an XSS in the process of model to view.

Simple example:

[image: XSS]

Now I have fixed the bug and pushed it to my GitHub. In that repository, I have improved the UI of tinyEditor and translated it into Chinese.

If you can, I want to be a branch of your ngWYSIWYG.

My github: ngTinyEditor https://github.com/anchengjian/ngTinyEditor

Best regards, Sergey Petrenko

psergus commented 9 years ago

I added a solution, which was very simple. Thanks again.
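
Added example, not part of the thread and not the fix that was applied in ngWYSIWYG or ngTinyEditor: one way to neutralise the payload reported above is to rebuild the model HTML from an allowlist before it is bound to the view, so that anything not recognised is dropped or rendered as text. The function names and the tag and attribute allowlists are assumptions made for this sketch.

```javascript
// Added example: allowlist sanitizer applied to editor model HTML before it
// reaches the view. The tag/attribute allowlists below are assumptions.
const ALLOWED_TAGS = new Set(['p', 'br', 'b', 'i', 'u', 'em', 'strong',
  'ul', 'ol', 'li', 'a', 'img']);
const ALLOWED_ATTRS = { a: ['href', 'title'], img: ['src', 'alt'] };
const URL_ATTRS = new Set(['href', 'src']);

// Text keeps existing entities; attribute values escape every "&" so an
// entity-encoded scheme (e.g. "&colon;") cannot be decoded back by the browser.
const escText = s => s.replace(/&(?![a-z0-9]+;|#\d+;|#x[0-9a-f]+;)/gi, '&amp;')
  .replace(/</g, '&lt;').replace(/>/g, '&gt;');
const escAttr = s => s.replace(/&/g, '&amp;').replace(/"/g, '&quot;')
  .replace(/</g, '&lt;').replace(/>/g, '&gt;');

// Allow http(s), mailto and scheme-less (relative) URLs only.
const isSafeUrl = v => /^(https?:\/\/|mailto:)/i.test(v) || !v.includes(':');

function cleanAttrs(tag, raw) {
  const attrRe = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>]+))/gi;
  let out = '', m;
  while ((m = attrRe.exec(raw)) !== null) {
    const name = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4];
    if (!(ALLOWED_ATTRS[tag] || []).includes(name)) continue; // drops on* handlers
    if (URL_ATTRS.has(name) && !isSafeUrl(value.trim())) continue;
    out += ` ${name}="${escAttr(value)}"`;
  }
  return out;
}

function sanitizeModelHtml(html) {
  const tagRe = /<(\/?)([a-z][a-z0-9]*)((?:\s[^<>]*)?)\/?>/gi;
  let out = '', last = 0, m;
  while ((m = tagRe.exec(html)) !== null) {
    out += escText(html.slice(last, m.index)); // text between tags
    last = tagRe.lastIndex;
    const name = m[2].toLowerCase();
    if (!ALLOWED_TAGS.has(name)) out += escText(m[0]); // unknown tag shown as text
    else if (m[1]) out += `</${name}>`;
    else out += `<${name}${cleanAttrs(name, m[3])}>`;
  }
  return out + escText(html.slice(last));
}

// Input taken from the issue report above.
console.log(sanitizeModelHtml('<img src=x onerror=alert(/xss/) >'));
```

In an AngularJS application the maintained equivalent of this step is `$sanitize` from the ngSanitize module.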