Describe the bug
The markdown preview functionality will cause a stored XSS attack, which doesn't require user interaction.
To Reproduce
Steps to reproduce the behavior:
1. Create a new file with a ".txt" or ".md" extension.
2. Paste the following code:
<img src="x" onerror="alert('xss')">
3. Share the file and add /text after the URL.
Visit https://demo.cloudreve.org/s/YXMmiE/text for example.
Expected behavior
No JavaScript code in the markdown preview should be executed.
Screenshots
![image](https://user-images.githubusercontent.com/11910831/130332390-40909751-760a-47e8-a260-99159b8bd36f.png)
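The fix the report implies is to sanitize the markdown renderer's HTML output before it is inserted into the page (or to disable raw HTML pass-through in the renderer altogether). The following is an added example and not Cloudreve's code: a small allow-list sanitizer in JavaScript whose tag and attribute lists, the `sanitize()` and `safeUrl()` names, and the sample inputs are assumptions for illustration. It uses a regex tokenizer so that it runs without a DOM; a production deployment should use a DOM-based sanitizer such as DOMPurify, which handles the parsing corner cases a regex cannot.

```javascript
// Added example, not Cloudreve's code: an allow-list sanitizer for the HTML
// a markdown renderer produces. Tag/attribute lists and function names are
// assumptions for illustration. Use a DOM-based sanitizer (e.g. DOMPurify)
// in production; this regex tokenizer is for demonstrating the approach.

const ALLOWED_TAGS = new Set([
  'p', 'a', 'img', 'strong', 'em', 'code', 'pre', 'ul', 'ol', 'li',
  'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote', 'br', 'hr',
]);
// Only these attributes survive, and only on these tags. No on* handlers,
// no style, no srcdoc: anything not listed is dropped.
const ALLOWED_ATTRS = {
  a: new Set(['href', 'title']),
  img: new Set(['src', 'alt', 'title']),
};
const URL_ATTRS = new Set(['href', 'src']);
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto']);

// Reject URLs whose scheme is not on the allow-list (javascript:, data:,
// vbscript: ...). Control characters and whitespace are removed first because
// browsers ignore them inside a scheme, so "java\tscript:" would otherwise pass.
function safeUrl(raw) {
  const url = raw.replace(/[\u0000-\u0020\u007f]/g, '');
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  if (scheme && !SAFE_SCHEMES.has(scheme[1].toLowerCase())) return null;
  return url;
}

const TAG_RE = /<(\/?)([a-z][a-z0-9-]*)([^>]*)>/gi;
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Text nodes: any '<' or '>' left over after tokenizing is a stray and is inert once escaped.
function escapeText(text) {
  return text.replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Rebuild the attribute list of one tag, keeping only allow-listed names
// and only safe URLs in href/src.
function rebuildAttrs(tag, rawAttrs) {
  const allowed = ALLOWED_ATTRS[tag] || new Set();
  const out = [];
  for (const m of rawAttrs.matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    if (!allowed.has(name)) continue;            // drops onerror, onload, style, ...
    let value = m[2] ?? m[3] ?? m[4] ?? '';
    if (URL_ATTRS.has(name)) {
      value = safeUrl(value);
      if (value === null) continue;              // drops href="javascript:..."
    }
    out.push(` ${name}="${value.replace(/"/g, '&quot;').replace(/</g, '&lt;')}"`);
  }
  return out.join('');
}

// Walk the HTML tag by tag: unknown tags vanish (their text content stays as
// escaped text), known tags are re-emitted with a cleaned attribute list.
function sanitize(html) {
  let out = '';
  let last = 0;
  for (const m of html.matchAll(TAG_RE)) {
    out += escapeText(html.slice(last, m.index));
    last = m.index + m[0].length;
    const closing = m[1] === '/';
    const tag = m[2].toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) continue;        // <script>, <iframe>, <svg>... vanish
    out += closing ? `</${tag}>` : `<${tag}${rebuildAttrs(tag, m[3])}>`;
  }
  return out + escapeText(html.slice(last));
}

// The payload from the report, as constructed sample input.
const REPORT_PAYLOAD = '<img src="x" onerror="alert(\'xss\')">';

console.log(sanitize(REPORT_PAYLOAD));          // <img src="x">
console.log(sanitize('<a href="javascript:alert(1)">click</a>'));  // <a>click</a>
```

The payload needs no interaction because the browser requests `src="x"`, the request fails, and `onerror` fires during page load; the sanitizer removes the handler so the broken image is all that remains. A Content-Security-Policy without `'unsafe-inline'` would block the inline handler as defense in depth, but it does not replace sanitizing the renderer's output.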