Stored XSS in markdown preview

Open fakeboboliu opened this issue 4 years ago • 0 comments

Details: https://github.com/cloudreve/Cloudreve/issues/986

Cause: https://github.com/kkfor/for-editor/blob/d97c009dd13c39c02163327a85500cf4de1cc90a/src/index.tsx#L439 passes the text directly to dangerouslySetInnerHTML, causing XSS

Suggestion: switch to a different library

fakeboboliu, Aug 21 '21 19:08
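
The cause described in the issue, shown as an added example that is not part of the original issue and is not for-editor's code: a stand-in markdown renderer whose output would be handed to `dangerouslySetInnerHTML`, first passing raw HTML through and then escaping the source before any markup is generated. The function names, the markdown subset and the sample input are all assumptions made for the illustration.

```javascript
// Added example. All names here are hypothetical; this is not for-editor code.
const ESC = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => ESC[c]);

// Only these URL schemes are allowed in a generated href.
const SAFE_SCHEME = /^(https?:|mailto:)/i;

// Tiny markdown subset: `code`, **bold**, [label](url).
function inline(text) {
  return text
    .replace(/`([^`]+)`/g, "<code>$1</code>")
    .replace(/\*\*([^*]+)\*\*/g, "<strong>$1</strong>")
    .replace(/\[([^\]]+)\]\(([^)\s]+)\)/g, (match, label, url) =>
      SAFE_SCHEME.test(url)
        ? `<a href="${url}" rel="noopener noreferrer">${label}</a>`
        : label); // disallowed scheme: keep the label, drop the link
}

const paragraphs = (md) => md.split(/\n{2,}/).filter((p) => p.trim() !== "");

// Before: raw HTML in the markdown source reaches the output unchanged,
// so whatever a stored file contains ends up in the preview's DOM.
function renderUnsafe(md) {
  return paragraphs(md).map((p) => `<p>${inline(p)}</p>`).join("\n");
}

// After: escape the source first, so the only tags in the output are the
// ones inline() itself generates, and attribute values cannot break out.
function renderSafe(md) {
  return paragraphs(md).map((p) => `<p>${inline(escapeHtml(p))}</p>`).join("\n");
}

// Constructed sample standing in for the content of a stored markdown file.
const SAMPLE = [
  '**report** <img src=x onerror="void 0">',
  "[docs](https://example.com/a?b=1&c=2) [x](javascript:0)",
].join("\n\n");

console.log(renderUnsafe(SAMPLE));
console.log(renderSafe(SAMPLE));
```

For a full markdown renderer, applying a maintained HTML sanitizer such as DOMPurify to the rendered output before it is assigned to the DOM serves the same purpose.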