This project does not filter the markdown text, resulting in an XSS vulnerability.
For example, if "《img src=1 onerror=alert(1)》" is entered during text editing, the malicious script in the text will be executed by editor.md.
If a user directly uses editor.md and does not filter text, the user may be attacked.
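One way an integrator could filter the rendered output, shown as an added example that is not part of the original report or of editor.md's own code. The function names (`sanitizeHtml`, `rebuildTag`) and the tag and attribute allowlists are assumptions chosen for illustration; the filter is meant to run over HTML produced from untrusted markdown before it is inserted into the page.

```javascript
// Added example: allowlist filter for HTML rendered from untrusted markdown.
// Tag and attribute allowlists are illustrative assumptions, not editor.md settings.
const ALLOWED = Object.assign(Object.create(null), {
  a: ["href", "title"], img: ["src", "alt", "title"],
  p: [], br: [], em: [], strong: [], code: [], pre: [], blockquote: [],
  ul: [], ol: [], li: [], h1: [], h2: [], h3: [],
});
const URL_ATTRS = new Set(["href", "src"]);
// Only explicit safe prefixes pass; javascript:, data: and entity-obfuscated schemes do not.
const SAFE_URL = /^(?:https?:|mailto:|\/|\.\/|#)/i;

// Escape markup characters; existing entities such as &amp; are left as they are.
const esc = (s) =>
  s.replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");

// Rebuild a tag from scratch so only allowlisted names and attributes are emitted.
function rebuildTag(closing, rawName, rawAttrs) {
  const name = rawName.toLowerCase();
  const allowedAttrs = ALLOWED[name];
  if (!allowedAttrs) return null;                 // unknown tag: caller escapes it
  if (closing) return `</${name}>`;
  const attrRe = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
  let out = `<${name}`;
  for (const m of rawAttrs.matchAll(attrRe)) {
    const attr = m[1].toLowerCase();
    const value = (m[2] ?? m[3] ?? m[4] ?? "").trim();
    if (!allowedAttrs.includes(attr)) continue;   // drops onerror, onclick, style, ...
    if (URL_ATTRS.has(attr) && !SAFE_URL.test(value)) continue;
    out += ` ${attr}="${esc(value)}"`;
  }
  return out + ">";
}

function sanitizeHtml(html) {
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  let out = "", last = 0;
  for (const m of html.matchAll(tagRe)) {
    out += esc(html.slice(last, m.index));        // text between tags
    out += rebuildTag(m[1] === "/", m[2], m[3]) ?? esc(m[0]);
    last = m.index + m[0].length;
  }
  return out + esc(html.slice(last));
}

// The report's payload, written with ASCII angle brackets:
console.log(sanitizeHtml("<img src=1 onerror=alert(1)>"));
```

Because every emitted tag is rebuilt from the allowlist rather than edited in place, anything the tokenizer misreads is escaped as text instead of passed through. A maintained DOM-based sanitizer is the usual production choice; this block shows the allowlist principle on the reported input.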