Sanitize HTML output from Markdown field #2105

Open
tidyui opened this issue Jan 3, 2025 · 0 comments
tidyui commented Jan 3, 2025

In order to prevent cross-site scripting of JavaScript added to a Markdown field, as reported in GHSA-mmx8-vrfg-hfmq, HTML output should be sanitized when calling ToHtml() on a MarkdownField.

@tidyui tidyui added this to the Version 12.0 milestone Jan 3, 2025
@tidyui tidyui moved this to Todo in Version 12.0 Jan 3, 2025
@tidyui tidyui moved this from Todo to In Progress in Version 12.0 Jan 3, 2025
@tidyui tidyui self-assigned this Jan 3, 2025
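
One way to sanitize rendered Markdown as this issue asks, shown as an added example that is not the project's own code. It assumes the Markdig and HtmlSanitizer (Ganss.Xss) NuGet packages; `SafeMarkdownField` is a hypothetical stand-in for the project's field type, and the input is constructed.

```csharp
// Added example, not the project's code.
// Assumes NuGet packages Markdig and HtmlSanitizer (namespace Ganss.Xss).
using System;
using Ganss.Xss;
using Markdig;

// Hypothetical stand-in for a Markdown field; the real type is not shown on this page.
public sealed class SafeMarkdownField
{
    // Shared sanitizer using the library's default allowlist of tags,
    // attributes and URL schemes. Configure it once and do not mutate it afterwards.
    private static readonly HtmlSanitizer Sanitizer = new HtmlSanitizer();

    public string Value { get; set; } = "";

    // Render first, then sanitize the output. Markdown passes raw HTML
    // through and link syntax can carry a javascript: URL, so checking
    // only the Markdown source would miss both.
    public string ToHtml()
    {
        var rendered = Markdown.ToHtml(Value ?? "");
        return Sanitizer.Sanitize(rendered);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample input: script element, event-handler
        // attribute, javascript: link, and one legitimate link.
        var field = new SafeMarkdownField
        {
            Value = "# Title\n\n<script>alert(1)</script>\n\n" +
                    "<img src=\"x.png\" onerror=\"alert(1)\">\n\n" +
                    "[click](javascript:alert(1)) and [ok](https://example.com)"
        };

        var html = field.ToHtml();
        Console.WriteLine(html);

        // Regression checks a unit test for the fix could make.
        foreach (var bad in new[] { "<script", "onerror", "javascript:" })
            if (html.Contains(bad, StringComparison.OrdinalIgnoreCase))
                throw new Exception($"unsanitized output contains {bad}");
    }
}
```

Sanitizing inside `ToHtml()` rather than at save time means content already stored in the database is covered as well.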