Component Comment.jsx is using an insecure method to sanitize input -- could suffer XSS attacks
vtamara opened this issue · 0 comments
vtamara commented
It is using the option sanitize of the library marked, as seen at:
However, that library warns at https://marked.js.org/using_advanced#options:
Warning: This feature is deprecated and it should NOT be used as it cannot be considered secure.
Instead use a sanitize library, like DOMPurify (recommended), sanitize-html or insane on the output HTML!