-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] Pasted blocks are not sanitized, It may occurs XSS attack! #1396
Labels
Comments
👋 @gohabereg @neSpecc did you have a chance to follow up on this issue? |
Actually, it will be sanitised on saving, so this is not a real vulnerability. But we will think about it. |
@neSpecc Thank you! I'll fix it and send PR. |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe a bug.
Pasted blocks are not sanitized, It may occurs XSS attack!
Steps to reproduce:
<b onclick="alert('XSS test')">Click me!</b>
Please see the following GIF animation.
Expected behavior:
Pasted blocks should be sanitized.
Screenshots:
![ezgif com-gif-maker (7)](https://user-images.githubusercontent.com/7702653/97069931-c4ada680-160e-11eb-8eb2-19768df923b6.gif)
Editor.js version: v2.19.0
The text was updated successfully, but these errors were encountered: