Describe the bug
It's possible to bypass the safe mode (escape and replace)
To Reproduce
Use the master branch and run the following markdown through it:
`
<img src onerror="alert(origin)">
[x]: `
The resulting HTML is:
<p>`
<img src onerror="alert(origin)"></p>
That executes JavaScript, causing XSS.
This was found through fuzzing so I'm not sure exactly why it happens, but this was the minimal PoC.
Debug info
Version of library being used: c2d73a3
Any extras being used: no
Describe the bug
It's possible to bypass the safe mode (escape and replace)
To Reproduce
Use the
masterbranch and run the following markdown through it:The resulting HTML is:
That executes JavaScript, causing XSS.
This was found through fuzzing so I'm not sure exactly why it happens, but this was the minimal PoC.
Debug info
Version of library being used: c2d73a3
Any extras being used: no