Vulnrability: XSS #3

New issue

Closed

opened 2025-04-06 09:06:20 +02:00 by seth · 1 comment

seth commented 2025-04-06 09:06:20 +02:00

Copy link

As stated directly from the README, "Marked does not sanitize the output HTML."

A live example can be seen here: https://creations.works/1273447359417942128

Please view their README here to see what they recommend.

As stated directly from the README, "Marked does not sanitize the output HTML."   A live example can be seen here: https://creations.works/1273447359417942128 Please view their README [here](https://github.com/markedjs/marked?tab=readme-ov-file#warning--marked-does-not-sanitize-the-output-html-please-use-a-sanitize-library-like-dompurify-recommended-sanitize-html-or-insane-on-the-output-html-) to see what they recommend.

{4F4244E2-97A4-4990-819B-C128A92E704B}.png

7.5 KiB

{C445BA95-0BD7-4574-BB9D-B97727756371}.png

6.6 KiB

seth commented 2025-04-06 09:07:20 +02:00

Author

Copy link

this could also be seen as a feature?

~~this could also be seen as a feature?~~

creations referenced this issue from a commit 2025-04-07 02:59:51 +02:00

fix xss issue aka: https://git.creations.works/creations/profilePage/issues/3, update depends change how activities display, remove readme title,

creations closed this issue 2025-04-07 03:00:03 +02:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dev

No results found.

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: creations/profilePage#3

No description provided.