Stored XSS in the markdown preview functionality. Markdown 预览功能中存在存储型 XSS 漏洞

[Archeb]

Describe the bug
The markdown preview functionality will cause stored XSS attack, which doesn't require user interaction.
Markdown 预览功能会导致存储型 XSS 攻击，而且不需要用户交互。

To Reproduce

Steps to reproduce the behavior:

1. Create a new file with ".txt" or ".md" extension. 创建个 .md 或者 .txt 拓展的新文件
2. Paste the following code.

<img src="x" onerror="alert('xss')">

3. Share the file and add /text after the URL. 在 URL 后面加上 /text
4. Send the link to victims. 把链接发送给受害者

Visit https://demo.cloudreve.org/s/YXMmiE/text for example.

Expected behavior
No JavaScript code in markdown preview should be executed. 不执行任何 Markdown 预览中的 JavaScript 代码

Screenshots

Desktop (please complete the following information):

• OS: non-specific
• Browser: non-specific

Smartphone (please complete the following information):

• Device: non-specific