mirror/tiptap
1
0
Fork 0
mirror of https://github.com/ueberdosis/tiptap.git synced 2025-01-10 14:08:37 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
6,354 Commits 64 Branches 5,660 Tags 88 MiB
31f3746491
Commit Graph

4 Commits

Author SHA1 Message Date
Lukas Hirt
099e10df92
fix: mark nocookie youtube url as valid when parsing html (#4883) 2024-02-19 10:32:57 +01:00
Cameron Hessler
e6947bad2d fix(extension-youtube) fix lint 2023-11-20 18:48:22 +01:00
Cameron Hessler
1bd714a408 fix(extension-youtube) change regex to disallow non-youtube domains 2023-11-20 18:48:22 +01:00
Cameron Hessler
04a11355a7 fix(extension-youtube) XSS risk with src tag 
Fixes risks outline in #4600 by verifying that any src urls are valid
youtube URLs before rendering as HTML. My thoughts are that this attack
vector would be difficult to use because the attacker would have to have
a way to manipualte the TipTap payload in a manner that bypasses the
youtube extension's `setYoutubeVideo` command, which already checks for
valid URLs.
 2023-11-20 18:48:22 +01:00