Headline
CVE-2022-0350: :arrow_up: · Vanessa219/vditor@e912e36
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
Permalink
Browse files
⬆️
- Loading branch information
1 parent 17d9af5 commit e912e36ea98251d700499b1ac7702708d3398476
Showing with 7 additions and 6 deletions.
- +1 −0 CHANGELOG.md
- +2 −2 demo/comment.js
- +1 −1 package.json
- +3 −3 src/js/lute/lute.min.js
@@ -99,6 +99,7 @@
v3.8.13 / 2022-04
* [1206](https://github.com/Vanessa219/vditor/issues/1206) 评论语法解析和行级 HTML 解析冲突 `修复缺陷`
* [1054](https://github.com/Vanessa219/vditor/issues/1054) disabled 后应禁止粘贴 `修复缺陷`
* [1162](https://github.com/Vanessa219/vditor/issues/1162) XSS 安全漏洞 `修复缺陷`
* [1203](https://github.com/Vanessa219/vditor/issues/1203) 支持 solidity, yul 语法 `引入特性`
@@ -66,7 +66,7 @@ const renderComments = (ids) => {
cmtElement.innerHTML = `<div>
${text}<br>
<button>删除</button><br>
<input>
<input>
</div>`
cmtElement.value = text
document.getElementById(‘comments’).
@@ -127,7 +127,7 @@ window.vditor = new Vditor('vditor’, {
cmtElement.innerHTML = `<div>
${text}<br>
<button>删除</button><br>
<input>
<input>
</div>`
cmtElement.value = text
if (index === 0) {
@@ -1,6 +1,6 @@
{
"name": "vditor",
"version": "3.8.12",
"version": "3.8.13",
"description": "♏ 易于使用的 Markdown 编辑器,为适配不同的应用场景而生",
"author": "Vanessa [email protected] (http://vanessa.b3log.org)",
"homepage": "https://b3log.org/vditor",
Large diffs are not rendered by default.
0 comments on commit e912e36
Please sign in to comment.