Security Fix for Cross-site Scripting (XSS) - huntr.dev

[huntr-helper]

https://huntr.dev/users/alromh87 has fixed the Cross-site Scripting (XSS) vulnerability 🔨. alromh87 has been awarded $25 for fixing the vulnerability through the huntr bug bounty program 💵. Think you could fix a vulnerability like this?

Get involved at https://huntr.dev/

Q | A
Version Affected | ALL
Bug Fix | YES
Original Pull Request | 418sec#1
GitHub Issue | #26
Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/maven/markdown-it-katex/1/README.md

User Comments:

📊 Metadata *

Avoid XSS when katex fails to render

Bounty URL: https://www.huntr.dev/bounties/1-maven-markdown-it-katex

⚙️ Description *

Clean string before showing to user

💻 Technical Description *

Removed special chars using regexp

🐛 Proof of Concept (PoC) *

🔥 Proof of Fix (PoF) *

👍 User Acceptance Testing (UAT)

Original operation unafected

[nnicolosi]

@waylonflinn Approving/merging this PR in order to fix this security issue would allow us to use vue-markdown (which has this repository as a dependency) in our extremely security-conscious organization. We would really appreciate it!

[JanGuillermo]

@waylonflinn Any chance you can take a look at this to unblock the security issue for vue-markdown?