ckeditor-youtube-plugin

XSS issue due to allowing too much

Open LiamDawe opened this issue 3 years ago • 0 comments

Hi, please be aware that since you're allowing anything to be added to links and images, you've opened up anyone with CKEditor to possible XSS issues if the content used with CKEditor is shown publicly.

Is there a reason why you're setting links and images, and allowing them to add anything? Doesn't seem like the plugin actually needs to allow them.

LiamDawe, Jun 18 '21 10:06
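
One way to check an editor or plugin configuration for the problem reported above, as an added example that is not part of the original issue or the plugin's code. It assumes the issue refers to CKEditor 4 `allowedContent` string rules, where `[*]` permits every attribute on an element (event-handler attributes included); the parser is a simplified one written for this example, and the two rule strings are constructed, not copied from the plugin.

```javascript
// Audit a CKEditor 4 allowedContent string for wildcard attribute rules
// on links and images. Simplified parser for the string rule format:
//   elements [attributes]{styles}(classes); elements [attributes]; ...

// Elements this issue is about. Hypothetical default, adjust as needed.
const WATCHED = new Set(['a', 'img']);

// Split the rule string into { rule, elements, attributes } records.
function parseRules(allowedContent) {
  return allowedContent
    .split(';')
    .map((r) => r.trim())
    .filter(Boolean)
    .map((rule) => {
      const elements = rule.match(/^[^\[{(]+/); // names before any bracket
      const attrs = rule.match(/\[([^\]]*)\]/); // contents of [ ... ]
      return {
        rule,
        elements: elements ? elements[0].trim().split(/\s+/) : [],
        // A leading "!" marks a required attribute; strip it for comparison.
        attributes: attrs
          ? attrs[1].split(',').map((a) => a.trim().replace(/^!/, ''))
          : [],
      };
    });
}

// Return one finding per watched element (or "*") that allows any attribute.
function findWildcardAttributeRules(allowedContent, watched = WATCHED) {
  const findings = [];
  for (const { rule, elements, attributes } of parseRules(allowedContent)) {
    if (!attributes.includes('*')) continue;
    for (const el of elements) {
      if (el === '*' || watched.has(el.toLowerCase())) {
        findings.push({ element: el, rule });
      }
    }
  }
  return findings;
}

// Constructed rule strings for illustration (not the plugin's actual rules).
const PERMISSIVE = 'iframe[!src,width,height]; a[*]; img[*]';
const RESTRICTED = 'iframe[!src,width,height]; a[!href]; img[!src,alt,width,height]';

console.log(JSON.stringify(findWildcardAttributeRules(PERMISSIVE)));
console.log(JSON.stringify(findWildcardAttributeRules(RESTRICTED)));
```

Content that is displayed publicly should still be sanitized on the server, since the editor's filter only applies to input that passes through the editor.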