jinzihao

Results 2 issues of jinzihao

It seems JavaScript is not filtered out in BlankUp, allowing things like ``, as the screenshot shows. Maybe an attacker can do nasty things inside BlankUp, using a Markdown file?...

The title and URL of bookmarks should be sanitized (HTML-escaped) - try visiting https://lab.jinzihao.me/test_ohhai_browser.html and fav this page; the browser would be "hijacked" to https://example.com without a way to...