yan42685 / obsidian-clever-search

Helping you quickly locate the notes in your mind in the easiest way, without the need for complex search syntax to find relevant content.
GNU General Public License v3.0
98 stars 0 forks

[BUG] Search for XSS vulnerabilities in the vault #28

Open UzJu opened 3 days ago

UzJu commented 3 days ago

Bug description

Briefly describe the bug.

<!-- Only enable the community plugin in a new vault to reproduce -->

Reproduction step

  1. Go to '...'. Create a new md file and then write the following characters:

    echo '<img src=https://crowdshield.com/.testing/xss.js onload=prompt(2) onerror=alert(3)></img>'// XXXXXXXXXX

  2. Click '...'.
  3. Then use the function of search in vault.
  4. Scroll down to '...'.
  5. Check the errors (screenshots attached).

Expected behavior

Briefly describe what you expect to happen.


Screenshots

If applicable, please add screenshots to help explain your problem.

Environment
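
The failure mode behind this report, as an added illustration that is not the plugin's code and says nothing about how the maintainer actually fixed it: a search-result renderer that interpolates raw note text into markup turns any tag stored in a note into a live element, while one that escapes the note text before adding its own `<mark>` highlight leaves it inert. The function names and the sample note line are constructed for this example.

```javascript
// Added example (not obsidian-clever-search code): rendering a search-result
// snippet from note text. A note may contain arbitrary HTML, so the text must be
// escaped before any markup of our own (the <mark> highlight) is added to it.

// Escape the characters that matter in HTML text and attribute contexts.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable pattern, kept only for contrast: raw note text is interpolated into
// markup, so a tag inside the note becomes live once assigned to innerHTML.
function renderSnippetUnsafe(noteText, query) {
  return noteText.replace(query, `<mark>${query}</mark>`);
}

// Hardened pattern: match on the raw text, but only escaped pieces reach the
// output, including the matched text itself.
function renderSnippetSafe(noteText, query) {
  if (!query) return escapeHtml(noteText);
  const pattern = new RegExp(query.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'), 'gi');
  let out = '';
  let last = 0;
  for (const m of noteText.matchAll(pattern)) {
    out += escapeHtml(noteText.slice(last, m.index));
    out += `<mark>${escapeHtml(m[0])}</mark>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(noteText.slice(last));
}

// Constructed sample note line of the kind described in the report.
const SAMPLE_NOTE = 'XSS test: <img src=x onerror=alert(1)> // notes';

console.log(renderSnippetUnsafe(SAMPLE_NOTE, 'XSS')); // tag survives intact
console.log(renderSnippetSafe(SAMPLE_NOTE, 'XSS'));   // tag is escaped
```

The same rule applies when results are built with DOM APIs instead of strings: put note text into `textContent` (or `createTextNode`), never into `innerHTML`.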

yan42685 commented 2 days ago

Thanks for reminding me. I'll cope with it this week.

yan42685 commented 2 days ago

Fixed in 0.2.11 😃

I deleted a thoughtless reply, please ignore it.

UzJu commented 1 day ago

Hello:) Thanks again for such a great plugin for Obsidian, I've re-tested the fix version and the issue has been fixed, no new issues found.

It's OK. Because my main job is security research, I have some attack payloads inside my notes, and one time when I queried them I triggered the issue by chance, so I'll give you the first feedback.

Thanks again for such a great plugin and have a nice life!

yan42685 commented 1 day ago

Hello! I'm glad to know you recognize the value of this plugin, and I appreciate your feedback. If you need anything in the future, feel free to reach out. Wishing you all the best in your security research. Have a wonderful weekend!