Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

huntr - Cross-site Scripting Fix #805

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open

Conversation

huntr-helper
Copy link

https://app.huntr.dev/users/alromh87 has fixed a security vulnerability (Cross-site Scripting) 🔨. alromh87 has been awarded $25 for fixing the vulnerability through the huntr bug bounty program 💵. Think you could fix a vulnerability like this? Get involved at https://huntr.dev/!

Q | A
Version Affected | ALL
Bug Fix | YES
Original Pull Request | 418sec#1

alromh87 and others added 9 commits March 26, 2020 00:40
Disable script and on events by default to avoid XSS.

User can enable by setting allowScript|allowOn

Readme updated
Merging fix on-behalf of @alromh87 (034-js-editor-md).
fixes #pandao#612
fixes #pandao#662
fixes #pandao#697
fixes #pandao#700
fixes #pandao#701
fixes #pandao#709
fixes #pandao#715
fixes #pandao#764
fixes #pandao#816

### Probably:
fixes #pandao#307
fixes #pandao#560
fixes #pandao#612
fixes #pandao#662
fixes #pandao#697
fixes #pandao#700
fixes #pandao#701
fixes #pandao#709
fixes #pandao#715
fixes #pandao#764
fixes #pandao#816

fixes #pandao#307
fixes #pandao#560
Enhance filterHTML Regexp to handle self closing tags
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants