We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Payload:
<p><svg><svg onload=onload=alert('xss')></svg></svg></p>
PoC:
其它:
看起来这个项目已经不咋维护了,这个 Issue 的目的是提醒使用这个项目的开发者注意 XSS 问题。
这个问题修复起来很简单,升级一下 Markdown Editor 就行了。
另外,一堆 Vue Admin 项目的 Markdown Editor 都能 XSS,使用奇怪的 Markdown Editor 时建议检查其是否有白名单过滤。
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Payload:
PoC:
其它:
看起来这个项目已经不咋维护了,这个 Issue 的目的是提醒使用这个项目的开发者注意 XSS 问题。
这个问题修复起来很简单,升级一下 Markdown Editor 就行了。
另外,一堆 Vue Admin 项目的 Markdown Editor 都能 XSS,使用奇怪的 Markdown Editor 时建议检查其是否有白名单过滤。
The text was updated successfully, but these errors were encountered: