burninatorsec2

This was previously disclosed under https://github.com/quilljs/quill/issues/3273, but unfortunately that appears to have been deleted or inaccessible at the moment

Thank you for your response. The way this works is not the hacker hacking themselves: since this is stored XSS, not reflected XSS, this is an issue that affects other...

Additionally, for an overview of this type of security issue, here are some OWASP resources about Injection which includes XSS: https://owasp.org/Top10/A03_2021-Injection/ From a more technical standpoint: input from the user...

Hello - Any updates on this? Has there been a security patch released for it to include the validation code mentioned above? Thanks

Hi, this is how to reproduce the issue - you need to edit the traffic with an interception proxy when storing the comment, in order to put this payload in:`...

> The resolution is to scrub the data from quill before saving in a shared place. Yes, this is one way to remediate it, in lieu of Quill releasing a...

> Perhaps a solution here is to pipe the initial input of the editor through the same mechanism that sanitizes clipboard pasting, since that seems to be effectively removing these...