Closed cinexsoft closed 3 years ago
I don't exactly know how it's going as I'm just beginning to understand XSS.
I just saw this YouTube video which I've linked https://youtu.be/lG7U3fuNw3A and tried it.
Basically I have this textarea that takes the input and directly sends it through the converter and then adds the generated HTML to the body.
Input:
<noscript><p title="</noscript>"<img src=x onerror=alert(1)>
I'm on v1.9.1
I realised that showdown doesn't handle for XSS, so I'll just add a sanitizer as stated in the previous issues.
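The fix the post settles on (convert, then sanitize, then insert), as an added example that is not part of the original issue or of Showdown's code. It assumes Showdown and DOMPurify are loaded as browser globals; the element ids `md-input` and `md-preview` and the function name `createPreviewRenderer` are hypothetical.

```javascript
// Added example: untrusted Markdown -> Showdown -> sanitizer -> DOM.
// Assumption: window.showdown and window.DOMPurify are provided by the page.

// Ask DOMPurify for DOM nodes rather than a string, so the browser does not
// parse the sanitized markup a second time (a second parse is where markup
// can change meaning after it was checked).
const PURIFY_OPTIONS = { USE_PROFILES: { html: true }, RETURN_DOM_FRAGMENT: true };

function createPreviewRenderer({ converter, purify }) {
  if (!converter || typeof converter.makeHtml !== 'function') {
    throw new TypeError('a converter with makeHtml() is required');
  }
  if (!purify || typeof purify.sanitize !== 'function') {
    // Fail closed: never fall back to inserting raw converter output.
    throw new TypeError('a sanitizer is required; refusing to render raw HTML');
  }
  return function render(markdown, target) {
    // Markdown allows inline HTML, so this string can carry the input's tags.
    const rawHtml = converter.makeHtml(String(markdown));
    // Sanitize the converter's OUTPUT, not the Markdown source.
    const fragment = purify.sanitize(rawHtml, PURIFY_OPTIONS);
    // Insert nodes instead of assigning a string to innerHTML.
    target.replaceChildren(fragment);
    return fragment;
  };
}

// The flow described in the issue, for comparison (unsafe):
//   document.body.innerHTML += converter.makeHtml(textarea.value);

// Browser wiring; skipped when the globals are absent (for example under Node).
if (typeof window !== 'undefined' && window.showdown && window.DOMPurify) {
  const render = createPreviewRenderer({
    converter: new window.showdown.Converter(),
    purify: window.DOMPurify,
  });
  const input = document.getElementById('md-input');     // hypothetical id
  const preview = document.getElementById('md-preview'); // hypothetical id
  if (input && preview) {
    input.addEventListener('input', () => render(input.value, preview));
  }
}
```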