This library is XSS vulnerable #916

Closed
smithb1994 opened this issue Jul 22, 2017 · 1 comment

smithb1994 commented Jul 22, 2017

Even with sanitize enabled, data URIs are allowing XSS attacks:

[xss link](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)

A good solution is to only allow http or https links.

Contributor

matt- commented Aug 2, 2017

This has been reported a few times. The maintainer will not respond to PRs or push new versions.

#863
#869

and pull request #844

@matt- matt- closed this as completed Aug 2, 2017
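
The mitigation suggested in the first comment (only allow http or https links), sketched as an added example that is not part of the original issue and not the library's own code. `ALLOWED_SCHEMES`, `isSafeHref` and `renderLink` are hypothetical names, and the sample inputs are constructed. It goes slightly beyond the comment by normalising case, whitespace and character references before the scheme check, and by accepting relative links.

```javascript
// Added example: scheme allowlist for link targets emitted by a Markdown renderer.
// ALLOWED_SCHEMES, isSafeHref and renderLink are hypothetical names, not the library's API.
const ALLOWED_SCHEMES = new Set(['http', 'https']);

const codePoint = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '\ufffd');

// Markdown parsers and browsers decode character references before the URL is
// parsed, so the check has to look at the decoded value, not the raw text.
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => codePoint(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => codePoint(parseInt(d, 10)))
    .replace(/&colon;/gi, ':')
    .replace(/&tab;/gi, '\t')
    .replace(/&newline;/gi, '\n');
}

function isSafeHref(href) {
  const cleaned = decodeEntities(String(href))
    .replace(/[\t\n\r]/g, '')           // URL parsers drop tab/CR/LF anywhere
    .replace(/^[\u0000-\u0020]+/, '');  // and ignore leading controls and spaces
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (m) return ALLOWED_SCHEMES.has(m[1].toLowerCase());
  // No parseable scheme: accept only clearly relative targets
  // (no ':' before the first '/', '?' or '#').
  return !/^[^\/?#]*:/.test(cleaned);
}

const escapeHtml = (s) =>
  String(s).replace(/[&<>"']/g, (c) =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));

// Render [text](href); a rejected target degrades to plain escaped text.
function renderLink(text, href) {
  if (!isSafeHref(href)) return escapeHtml(text);
  return `<a href="${escapeHtml(href)}">${escapeHtml(text)}</a>`;
}

// Constructed sample inputs (benign payloads).
for (const href of ['https://example.com/a', '/docs#top', 'data:text/html,hi',
                    ' DaTa:text/html,hi', 'data&colon;text/html,hi']) {
  console.log(JSON.stringify(href), '->', renderLink('link', href));
}
```

An allowlist fails closed: any scheme not listed, including ones added to browsers later, is rendered as plain text rather than as a link.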