vueup / vue-quill

Rich Text Editor Component for Vue 3.
https://vueup.github.io/vue-quill/
MIT License
1.08k stars 261 forks

fix: xss #548

Closed Webb-L closed 1 month ago

Webb-L commented 3 months ago

Exploit:

<QuillEditor content="<img src=x onerror='alert()'/>" contentType="html"/>


stale[bot] commented 1 month ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.