Safe Mode XSS #702

Description

@JorianWoltjer

Describe the bug

It's possible to bypass the safe mode (escape and replace).

To Reproduce

Use the master branch and run the following markdown through it:

`
<img src onerror="alert(origin)">
[x]: `

The resulting HTML is:

<p>`
<img src onerror="alert(origin)"></p>

That executes JavaScript, causing XSS.

This was found through fuzzing so I'm not sure exactly why it happens, but this was the minimal PoC.

Debug info
Version of library being used: c2d73a3

Any extras being used: no
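
Because the report says the bypass was found through fuzzing, a renderer-independent check on the output is useful as a fuzzing oracle or regression test. The following is an added example, not code from the issue or from the project: it parses rendered HTML with the Python standard library and reports anything outside an allowlist. The allowlist, the names `audit`, `SafeModeAuditor` and `href_ok`, and the escaped sample are assumptions made for this example.

```python
from html.parser import HTMLParser

# Assumed allowlist for this example: tags/attributes the renderer emits itself.
ALLOWED_TAGS = {"p", "br", "hr", "em", "strong", "code", "pre", "blockquote",
                "ul", "ol", "li", "a", "h1", "h2", "h3", "h4", "h5", "h6"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_SCHEMES = {"", "http", "https", "mailto"}  # "" means a relative URL

# Rendered HTML quoted in the issue, and the same text as escaped output (constructed).
ISSUE_OUTPUT = '<p>`\n<img src onerror="alert(origin)"></p>'
ESCAPED_OUTPUT = '<p>`\n&lt;img src onerror="alert(origin)"&gt;</p>'


def href_ok(value):
    # Browsers ignore whitespace/control characters inside a URL scheme.
    url = "".join(ch for ch in (value or "").lower() if ch > " ")
    head = url.split("/", 1)[0]
    scheme = head.split(":", 1)[0] if ":" in head else ""
    return scheme in SAFE_SCHEMES


class SafeModeAuditor(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"unexpected tag <{tag}>")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name not in ALLOWED_ATTRS.get(tag, set()):
                self.findings.append(f"unexpected attribute {name} on <{tag}>")
            elif name == "href" and not href_ok(value):
                self.findings.append(f"unsafe href {value!r}")


def audit(rendered_html):
    """Return a list of findings; an empty list means nothing active survived."""
    auditor = SafeModeAuditor()
    auditor.feed(rendered_html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for label, html in (("issue", ISSUE_OUTPUT), ("escaped", ESCAPED_OUTPUT)):
        print(label, audit(html))
```

In a fuzzing harness, any non-empty result from `audit` on safe-mode output marks the input as a candidate bypass to minimise and report.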
