This repository has been archived by the owner on Nov 9, 2017. It is now read-only.

Online Demo #63

Open
soaj1664 opened this issue Apr 13, 2014 · 4 comments

Comments

@soaj1664

Hi

Is there any online demo of your WYSIWYG editor?

Thanks!

@bhaku

bhaku commented Apr 13, 2014

@soaj1664
Author

Hi @bhaku

First of all, thanks for the quick reply.

The editor is vulnerable to an XSS. The editor allows users to insert a link, and if instead of a normal link I input a JavaScript URI

javascript:alert%28location%29

then it works. The attacker can execute arbitrary code of his choice. Please fix this issue. Thanks
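
The fix this report asks for, as an added example that is not part of the original thread or the plugin's code: validate the link's scheme against an allowlist before it reaches an `href`. The names `sanitizeLinkHref`, `renderLink` and `ALLOWED_SCHEMES` and the base URL are assumptions made for illustration.

```javascript
// Added example. sanitizeLinkHref, renderLink and ALLOWED_SCHEMES are
// hypothetical names, not part of the editor plugin discussed in this issue.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Returns a normalized href if the link's scheme is allowlisted, else null.
// The WHATWG URL parser normalizes input the way a browser does when it
// resolves an href (case-folds the scheme, strips tabs/newlines and leading
// whitespace), so the check runs on what the browser would actually follow.
function sanitizeLinkHref(input, baseUrl = "https://editor.invalid/") {
  if (typeof input !== "string") return null;
  let url;
  try {
    url = new URL(input, baseUrl); // base lets relative links resolve
  } catch {
    return null; // unparseable input is rejected, not passed through
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Emits an anchor only for accepted hrefs; otherwise just the escaped text.
function renderLink(input, text) {
  const href = sanitizeLinkHref(input);
  const label = escapeHtml(String(text));
  if (href === null) return label;
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${label}</a>`;
}

// Constructed sample inputs; the first is the value from the report above.
const samples = [
  "javascript:alert%28location%29",
  " JaVaScRiPt:alert%28location%29",
  "java\tscript:alert%28location%29",
  "data:text/html,hello",
  "https://example.com/page",
  "/docs/intro",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", sanitizeLinkHref(s));
}
```

The same check belongs wherever stored editor HTML is rendered, since validation done only in the link dialog does not cover content submitted by other means.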

@soaj1664
Author

@bhaku Has the issue been fixed? Thanks!

@bhaku

bhaku commented Apr 24, 2014

Sorry, I'm not a developer of this plugin.
