Sam Sanoop
Results: 2 issues of Sam Sanoop
Currently the markdown-editor is vulnerable to XSS. This PR introduces DOMPurify (https://github.com/cure53/DOMPurify) which cleans potential malicious JavaScript.
POC/Steps to reproduce can be seen here: https://snoopysecurity.github.io/software-security/2022/03/27/rs-async-zipslip.html
Discussion with the maintainer and RustSec maintainers can be seen here: https://github.com/rustsec/advisory-db/pull/1141