cross site scripting in mermaid #869
Labels: Type: Bug / Error (Something isn't working or is incorrect)
Comments
ThePenguin1140 added the !critical and Type: Bug / Error labels on Jul 5, 2019
Hi, I think this is a duplicate of #847. I will close this one. I will move your example there. If you disagree about the overlap, reopen with a comment.
Hi, I found XSS issues in mermaid. This affects all the projects that use mermaid.
There are three different ways to trigger.
The first one:
The second one:
The third one (needs click, both nodes will work):
Here is an example that affects other projects that use mermaid.
hackmdio/codimd#1233
And all three of the above payloads would work on hackmd.io.
Hope you can fix soon!