Incomplete string escaping or encoding (HIGH)

[ReneMuetti]

Checklist

• [X] I've looked at the documentation to make sure the behavior isn't documented and expected.
• [X] I'm sure this is an issue with Summernote, not with my app or other dependencies (Angular, Cordova, React, etc.).
• [X] I've searched through the current issues to make sure this hasn't been reported yet.
• [X] My issue is pertinent to this repository of Summernote (jQuery), or I was unable to have my issue resolved from the relevant version I'm using, such as Angular, dJango, Rails or React. Please try your issue at the relevent repository first.
• [X] I understand that issues without interaction for more than 14 days (2 weeks), may be closed at our discretion. We do this, as sometimes issues are abandoned. We may at our discretion, add issues to the relevant project to be looked at, or for maintainers to work through as time permits. This is to help keep issues relevant to the current version of Summernote, and to reduce clutter.
• [X] I agree to follow the Code of Conduct that this project adheres to.

Steps to reproduce

Incomplete multi-character sanitization Detected by CodeQL in skin/.../summernote/summernote.js:6592

Incomplete multi-character sanitization Detected by CodeQL in skin/.../summernote/summernote-lite.js:6592

Incomplete multi-character sanitization Detected by CodeQL in skin/.../summernote/summernote-bs4.js:6592

DOM text reinterpreted as HTML Detected by CodeQL in skin/.../databasic/summernote-ext-databasic...:172

Expected behavior

GIT-HUB Security-Scanner

Current behavior

GIT-HUB Security-Scanner

Minimal example reproducing the issue

No response

Environment

• Summernote version: 0.8.18
• Browser (with version): -
• OS/Platform (with version): -

[1der1]

@ReneMuetti, the links don't work.

[ReneMuetti]

Oh -- sorry -- I'll try to improve that. I can't copy these links because they always appear as 404. I could create screenshots and make them available here.

[ReneMuetti]

https://info-panel.net/summernote/Screenshot_2024-08-15_at_20-21-50_Incomplete_multi-character_sanitization_Code_scanning_alert_1_ReneMuetti_EasyCMS.png https://info-panel.net/summernote/Screenshot_2024-08-15_at_20-22-13_Incomplete_multi-character_sanitization_Code_scanning_alert_2_ReneMuetti_EasyCMS.png https://info-panel.net/summernote/Screenshot_2024-08-15_at_20-21-01_Incomplete_multi-character_sanitization_Code_scanning_alert_3_ReneMuetti_EasyCMS.png https://info-panel.net/summernote/Screenshot_2024-08-15_at_20-22-39_DOM_text_reinterpreted_as_HTML_Code_scanning_alert_6_ReneMuetti_EasyCMS.png