
flowchart's link may lead to XSS attack

Open 5alt opened this issue 6 years ago • 1 comments

st=>start: Start:>javascript:alert(document.domain)
e=>end:>javascript:alert(document.domain)
st->e

If you click the node, JavaScript will be executed, which leads to an XSS attack.

5alt avatar Jun 26 '19 07:06 5alt

Nice... sounds like a feature ;-) I assume this should be fixed in RaphaelJS... @DmitryBaranovskiy what’s your opinion? We just set the href element.

adrai avatar Jun 26 '19 20:06 adrai
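
One way to vet link targets before they are assigned to `href`, as an added example that is not code from flowchart.js or RaphaelJS. The protocol allowlist, the placeholder base URL, the function names and the `https://docs.example.test` line are assumptions, and the `:>` parsing is simplified from the syntax shown in the issue.

```javascript
// Added example, not flowchart.js code: vet link targets before they reach href.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]); // assumed policy
const BASE = "https://placeholder.invalid/"; // only used to resolve relative links

// Returns a value that is safe to assign to href, or null if the link is rejected.
function safeLinkTarget(raw) {
  if (typeof raw !== "string" || raw.trim() === "") return null;
  let url;
  try {
    // The WHATWG parser lowercases the scheme and drops leading whitespace and
    // embedded tabs/newlines, so the check sees what a browser would see.
    url = new URL(raw);
  } catch {
    // Not an absolute URL: accept only if it resolves as a relative reference.
    try {
      return new URL(raw, BASE).protocol === "https:" ? raw.trim() : null;
    } catch {
      return null;
    }
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Scans flowchart source for symbol definitions carrying a ":>" link and
// reports, per symbol, the raw target and the vetted href (null = rejected).
function auditFlowchart(source) {
  const findings = [];
  for (const line of source.split(/\r?\n/)) {
    const def = line.indexOf("=>");
    const link = line.indexOf(":>");
    if (def === -1 || link === -1 || link < def) continue; // no link on this line
    const target = line.slice(link + 2);
    findings.push({
      symbol: line.slice(0, def).trim(),
      target,
      href: safeLinkTarget(target),
    });
  }
  return findings;
}

// First two definitions are from the issue; the "op" line is constructed.
const SAMPLE = [
  "st=>start: Start:>javascript:alert(document.domain)",
  "e=>end:>javascript:alert(document.domain)",
  "op=>operation: Docs:>https://docs.example.test/guide",
  "st->e",
].join("\n");

for (const f of auditFlowchart(SAMPLE)) {
  console.log(f.symbol, f.href === null ? "REJECTED" : "ok", f.target);
}
```

A renderer would call `safeLinkTarget` at the point where the link is set and skip the `href` attribute entirely when it returns null.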