Open Alex-Inems opened 1 month ago
Unfortunately, I think this issue will not be fixed. Looks like this library is abandoned. I installed the forked library with an updated quill - everything works fine and now I don't have vulnerabilities. You can read about that forked library here: Update Quill Dependency to ^2.0.0.
Vulnerability Issues with Quill and React-Quill

Description
I'm experiencing security vulnerabilities reported by `npm audit` related to the `quill` library. The vulnerabilities include Cross-site Scripting (XSS) and others as detailed in the reports.

Current Versions
React-Quill: 2.0.0

Problem
Running `npm audit fix --force` suggests downgrading `react-quill` to `0.0.2`, which introduces breaking changes. I want to address the vulnerabilities without reverting to older package versions.

Expected Behavior
I would like to resolve these vulnerabilities while maintaining the current versions of `quill` and `react-quill`.

Request for Guidance
Are there any planned updates or patches that will address these vulnerabilities? What compatible versions can I use that won’t introduce security risks?
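
A check for the situation described in the issue, added here as an example and not code from the issue or from react-quill: it reads a report in the shape of `npm audit --json` (npm 7+) and flags any proposed fix that would move an installed package to a lower version, before `npm audit fix --force` is run. The report is constructed (advisory text is a placeholder), and `classifyFixes` and `compareVersions` are hypothetical helper names.

```javascript
// Constructed sample shaped like `npm audit --json` output (auditReportVersion 2).
// Advisory title and range are placeholders, not real advisory data.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    quill: {
      name: "quill", severity: "moderate", isDirect: false,
      via: [{ title: "PLACEHOLDER advisory title", range: "PLACEHOLDER" }],
      effects: ["react-quill"],
      fixAvailable: { name: "react-quill", version: "0.0.2", isSemVerMajor: true },
    },
    "react-quill": {
      name: "react-quill", severity: "moderate", isDirect: true,
      via: ["quill"], effects: [],
      fixAvailable: { name: "react-quill", version: "0.0.2", isSemVerMajor: true },
    },
  },
};

// Compare plain x.y.z versions; returns <0, 0 or >0. Pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Classify the fix npm proposes for each finding, given the installed top-level versions.
function classifyFixes(report, installed) {
  return Object.values(report.vulnerabilities).map((v) => {
    const fix = v.fixAvailable;
    let action = "no-fix";                          // fixAvailable === false
    if (fix === true) action = "in-range-update";   // plain `npm audit fix` is enough
    else if (fix && typeof fix === "object") {
      const current = installed[fix.name];
      if (current && compareVersions(fix.version, current) < 0) action = "downgrade";
      else action = fix.isSemVerMajor ? "major-upgrade" : "update";
    }
    return { package: v.name, severity: v.severity, direct: v.isDirect, action,
             target: fix && fix.name ? `${fix.name}@${fix.version}` : null };
  });
}

const findings = classifyFixes(sampleReport, { "react-quill": "2.0.0" });
for (const f of findings) console.log(`${f.package} [${f.severity}] ${f.action} ${f.target ?? ""}`);
```
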