XSS attack #556

Closed
Darthmineboy opened this issue Nov 10, 2020 · 2 comments

Darthmineboy commented Nov 10, 2020

First off, thanks for this library. I'm going nuts about the lack of table functionality in many of the free wysiwyg editors. This editor has good support for tables 🥇

I have however found an XSS vulnerability in this editor. It appears the editor does filter out script tags; unfortunately, that is not sufficient for all XSS attacks.

Reproduction

@JiHong88
Owner

@Darthmineboy Thank you for reporting.
Will be fixed in the next version.
Thank you.

JiHong88 modified the milestones: 2.34.2, 2.35.0 Nov 11, 2020
JiHong88 added a commit that referenced this issue Nov 11, 2020
@JiHong88
Owner

The 2.34.2 version has been updated.
If this issue has not been resolved, please reopen this issue.
Thank you.

NickyTope pushed a commit to isw-kudos/SunEditor that referenced this issue Feb 11, 2021