This repository has been archived by the owner on Apr 3, 2018. It is now read-only.

XSS in DaumEditor #339

Closed
soaj1664 opened this issue Apr 13, 2014 · 1 comment

@soaj1664

Hi,

The editor is vulnerable to an XSS. The editor allows users to insert a link, and if, instead of a normal link, I input a JavaScript URI
javascript:alert%28location%29
then it works. The attacker can execute arbitrary code of his choice. Please fix this issue. Thanks.

@azki
Contributor

azki commented Apr 14, 2014

I think it would be better to handle this part on the server side when the post is saved.
There are similar issues with the same answer. Anyway, thank you for the report. Have a nice day.

mindmup/bootstrap-wysiwyg#142
jhollingworth/bootstrap-wysihtml5#340
PANmedia/raptor-editor#147
yabwe/medium-editor#203
jejacks0n/mercury#453

@azki azki closed this as completed Apr 14, 2014
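
An added example, not code from DaumEditor or from either commenter: one way to reject the reported `javascript:` link on the server when a post is saved, sketched for Node.js. The allowlist, the placeholder base URL, the `{ text, href }` link shape and the function names are assumptions, and the sample links are constructed.

```javascript
// Added example. Assumption: `href` is the attribute value after the server's
// HTML parser has decoded character references (e.g. &#58; is already ":").
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]); // illustrative allowlist
const BASE = "https://example.invalid/"; // placeholder, only used to resolve relative links

function isAllowedHref(href) {
  if (typeof href !== "string") return false;
  try {
    // The WHATWG URL parser applies the browser's normalization (it drops tabs
    // and newlines and lowercases the scheme), so the check sees the scheme
    // the browser would act on rather than the raw spelling.
    return ALLOWED_SCHEMES.has(new URL(href, BASE).protocol);
  } catch {
    return false; // unparseable URLs are rejected, not passed through
  }
}

// links: [{ text, href }] as extracted from the submitted post (hypothetical shape).
// Rejected links keep their text but lose the href, and are reported for logging.
function sanitizeLinks(links) {
  const kept = [];
  const rejected = [];
  for (const { text, href } of links) {
    if (isAllowedHref(href)) {
      kept.push({ text, href });
    } else {
      kept.push({ text, href: null });
      rejected.push(href);
    }
  }
  return { kept, rejected };
}

// Constructed sample input; the first entry is the URI from the report.
const SAMPLE_LINKS = [
  { text: "report", href: "javascript:alert%28location%29" },
  { text: "mixed case", href: "JaVaScRiPt:alert(1)" },
  { text: "embedded tab", href: "java\tscript:alert(1)" },
  { text: "data URI", href: "data:text/html,<b>x</b>" },
  { text: "absolute", href: "https://example.invalid/a?b=1" },
  { text: "relative", href: "/posts/1" },
  { text: "mail", href: "mailto:user@example.invalid" },
];

console.log(sanitizeLinks(SAMPLE_LINKS).rejected);
```

Matching on the parsed scheme instead of searching the raw string for `javascript:` is what lets the same check cover the case and whitespace variants in the sample.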