Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The image tag's src is not encoded properly to avoid XSS attack #586

Closed
tomyeh opened this issue Feb 23, 2024 · 0 comments
Closed

The image tag's src is not encoded properly to avoid XSS attack #586

tomyeh opened this issue Feb 23, 2024 · 0 comments

Comments

@tomyeh
Copy link
Contributor

tomyeh commented Feb 23, 2024

Example,

mardownToHtml('''![Uh oh...]("onerror="alert('XSS'))''');
tomyeh added a commit to tomyeh/markd that referenced this issue Feb 23, 2024
@tomyeh
Fix dart-lang#586: encode image tag's src attribute
05de8ac
tomyeh added a commit to tomyeh/markd that referenced this issue Feb 23, 2024
@tomyeh
Fix dart-lang#586: encode image tag's src attribute
c39670e
srawlins pushed a commit that referenced this issue May 22, 2024
@tomyeh
Fix #601: checkbox list separated with blank lines (#602)
340c76f 
* Fix #586: encode image tag's src attribute

* Fix #601: checkbox list separated with blank lines
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tomyeh