mbebenita/mbebenita.github.io

DOM based XSS

Opened this issue · 0 comments

Hi,

The XHR doesn't restrict itself to same-origin resources, thus allowing attacker-controlled markdown files, which is XSS.

See http://mbebenita.github.io/?page=data:,foo%3Cb%3Ehehe%3Csvg/onload=alert(1)%3E

See also the showdown wiki for their XSS recommendations at https://github.com/showdownjs/showdown/wiki/Markdown's-XSS-Vulnerability-(and-how-to-mitigate-it)
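One way to close the hole this issue describes, shown here as an added example that is not code from the mbebenita.github.io site: resolve the `page` query parameter against the site's own origin and refuse anything that does not land on a same-origin markdown path before the XHR is issued. The origin `https://mbebenita.github.io`, the `.md` path allow-list and the helper names are assumptions of this example. Restricting the fetch does not replace sanitizing the rendered HTML (the point of the showdown wiki page linked above); a library such as DOMPurify is one way to do that step.

```javascript
// Added example, not code from the mbebenita.github.io site: restrict the
// `page` query parameter to same-origin markdown files before fetching it.
// SITE_ORIGIN is an assumption; in the real page it would be location.origin.
const SITE_ORIGIN = 'https://mbebenita.github.io';

// Allow-list for the resolved path: a plain .md path made of safe characters.
// (Assumed policy; tighten to a specific directory if the site keeps one.)
const PAGE_PATH_RE = /^\/[A-Za-z0-9_\-/]+\.md$/;

/**
 * Resolve a user-supplied `page` value against the site origin and return an
 * absolute URL that is safe to hand to XHR/fetch, or null if it must be refused.
 *
 * Relative paths ("pages/about.md", "/README.md") resolve inside SITE_ORIGIN.
 * Absolute URLs on other origins, protocol-relative URLs ("//host/x.md"),
 * userinfo tricks ("https://good@evil/x.md") and non-http schemes such as
 * data:, javascript: and blob: (whose origin is the opaque "null") are rejected.
 */
function resolvePageUrl(pageParam, siteOrigin = SITE_ORIGIN) {
  if (typeof pageParam !== 'string' || pageParam.length === 0) return null;

  let url;
  try {
    // WHATWG URL parser; the base only applies to relative input.
    url = new URL(pageParam, siteOrigin);
  } catch (_) {
    return null; // unparseable input is refused, not guessed at
  }

  // Same-origin check: scheme, host and port must all match the site.
  if (url.origin !== siteOrigin) return null;

  // Path allow-list; query string and fragment are dropped from the result.
  if (!PAGE_PATH_RE.test(url.pathname)) return null;

  return url.origin + url.pathname;
}

// Reads `?page=` from a query string and applies the policy. Kept as a pure
// function so it runs outside a browser; in the page it would get location.search.
function pageUrlFromQuery(search, siteOrigin = SITE_ORIGIN) {
  const params = new URLSearchParams(search);
  const page = params.get('page');
  return page === null ? null : resolvePageUrl(page, siteOrigin);
}

// Demonstration over constructed inputs (not taken from any real request).
const samples = [
  'pages/about.md',
  '/README.md?v=2#top',
  'data:,hello',
  '//evil.example/x.md',
  'https://mbebenita.github.io@evil.example/x.md',
  'pages/about.html',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', resolvePageUrl(s));
}
```

The check sits in front of the XHR: only a non-null result is fetched, so the request can never leave the site's origin, and the later sanitizer still guards against markup inside a same-origin file.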