zenoamaro/react-quill

Cross-site Scripting in Quill

Alex-Inems opened this issue · 1 comment

Vulnerability Issues with Quill and React-Quill

Description
I'm experiencing security vulnerabilities reported by npm audit related to the quill library. The vulnerabilities include Cross-site Scripting (XSS) and others as detailed in the reports.

Current Versions

  • Quill: <=1.3.7
  • React-Quill: 2.0.0

Problem
Running npm audit fix --force suggests downgrading react-quill to 0.0.2, which introduces breaking changes. I want to address the vulnerabilities without reverting to older package versions.

Expected Behavior
I would like to resolve these vulnerabilities while maintaining the current versions of quill and react-quill.

Request for Guidance
Are there any planned updates or patches that will address these vulnerabilities? What compatible versions can I use that won’t introduce security risks?
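The question above turns on which copy of quill is actually resolved in the project, and `npm audit` only reports that indirectly. The following Node script is an added example, not code from this issue or from the react-quill or Quill projects: it walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3, an assumed layout) and flags every installed copy of `quill`, nested copies included, whose version is at or below 1.3.7, the upper bound named in the versions listed above. The lockfile object embedded here is constructed sample data; for a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`.

```javascript
// Added example (not part of react-quill or Quill): scan an npm lockfile
// (lockfileVersion 2 or 3 "packages" map) for every resolved copy of quill
// and flag any whose version is <= 1.3.7, the range cited in the issue.
// SAMPLE_LOCK is constructed sample data, not a real project's lockfile.
const SAMPLE_LOCK = {
  name: "sample-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "react-quill": "2.0.0" } },
    "node_modules/react-quill": { version: "2.0.0", dependencies: { quill: "^1.3.7" } },
    "node_modules/quill": { version: "1.3.7" },
    // A second, nested copy pulled in by another (hypothetical) package.
    "node_modules/some-editor": { version: "4.1.0", dependencies: { quill: "^2.0.0" } },
    "node_modules/some-editor/node_modules/quill": { version: "2.0.2" },
  },
};

// Parse "MAJOR.MINOR.PATCH" into three numbers. A pre-release suffix such as
// "-rc.1" is ignored, which errs on the side of flagging the version.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison returning -1, 0 or 1, so "1.10.0" sorts above "1.3.7"
// (a plain string comparison would get this wrong).
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Return every lockfile entry that resolves package `name`, including copies
// nested under other packages' node_modules, with the installed version.
function findInstalled(lock, name) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages)
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, entry]) => ({ path, version: entry.version }));
}

// Return the resolved copies of `name` whose version is <= maxVulnerable.
function findVulnerable(lock, name, maxVulnerable) {
  return findInstalled(lock, name).filter(
    ({ version }) => compareVersions(version, maxVulnerable) <= 0
  );
}

// Report: with the sample lockfile only the top-level 1.3.7 copy is flagged;
// the nested 2.0.2 copy is above the bound and passes.
const hits = findVulnerable(SAMPLE_LOCK, "quill", "1.3.7");
for (const h of hits) console.log(`vulnerable: ${h.path} @ ${h.version}`);
if (hits.length === 0) console.log("no quill <= 1.3.7 resolved in lockfile");
```

Checking the lockfile rather than `package.json` matters here because the range `^1.3.7` declared by react-quill 2.0.0 can never resolve to Quill 2.x, so a project on that release keeps a 1.x copy installed regardless of what its own `package.json` requests; the script makes that resolved copy visible.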

Unfortunately, I think this issue will be not fixed. Looks like this library is abandoned.
I installed the forked library with an updated quill - everything works fine and now I don't have vulnerabilities. You can read about that forked library here: Update Quill Dependency to ^2.0.0.