Commit Graph

6 Commits

Author SHA1 Message Date
Phillmont Muktar
0749b9cac2 test(youtube): add tests for Live, Shorts URLs 2025-05-29 14:29:43 +08:00
Phillmont Muktar
1c15e193c1 test(youtube): add tests for start timestamp parsing 2025-05-29 14:24:07 +08:00
Lukas Hirt
099e10df92 fix: mark nocookie youtube url as valid when parsing html (#4883) 2024-02-19 10:32:57 +01:00
Cameron Hessler
e6947bad2d fix(extension-youtube) fix lint 2023-11-20 18:48:22 +01:00
Cameron Hessler
1bd714a408 fix(extension-youtube) change regex to disallow non-youtube domains 2023-11-20 18:48:22 +01:00
Cameron Hessler
04a11355a7 fix(extension-youtube) XSS risk with src tag
Fixes risks outlined in #4600 by verifying that any src urls are valid
youtube URLs before rendering as HTML. My thoughts are that this attack
vector would be difficult to use because the attacker would have to have
a way to manipulate the TipTap payload in a manner that bypasses the
youtube extension's `setYoutubeVideo` command, which already checks for
valid URLs.
2023-11-20 18:48:22 +01:00