Blocker Just make a description in Markdown:
<a href="javascript:alert('hello');">cześć</a>
any JS can be executed with session of current user.
https://github.com/showdownjs/showdown/wiki/Markdown's-XSS-Vulnerability-(and-how-to-mitigate-it)
Share description allows to embed and execute JS in anchors
-
Jakub Liput
-
- Votes:
-
0 Vote for this issue
- Watchers:
-
1 Start watching this issue
- Created:
- Updated:
- Resolved: