tiptap

mirror of https://github.com/ueberdosis/tiptap.git synced 2024-11-27 14:59:27 +08:00

History

Cameron Hessler 04a11355a7 fix(extension-youtube) XSS risk with src tag Fixes risks outline in #4600 by verifying that any src urls are valid youtube URLs before rendering as HTML. My thoughts are that this attack vector would be difficult to use because the attacker would have to have a way to manipualte the TipTap payload in a manner that bypasses the youtube extension's `setYoutubeVideo` command, which already checks for valid URLs.	2023-11-20 18:48:22 +01:00
..
cypress	fix(extension-youtube) XSS risk with src tag	2023-11-20 18:48:22 +01:00
cypress.config.js	tests: increase timeout	2023-03-03 13:00:14 +01:00

Cameron Hessler 04a11355a7 fix(extension-youtube) XSS risk with src tag

Fixes risks outline in #4600 by verifying that any src urls are valid
youtube URLs before rendering as HTML. My thoughts are that this attack
vector would be difficult to use because the attacker would have to have
a way to manipualte the TipTap payload in a manner that bypasses the
youtube extension's `setYoutubeVideo` command, which already checks for
valid URLs.

2023-11-20 18:48:22 +01:00

cypress

fix(extension-youtube) XSS risk with src tag

2023-11-20 18:48:22 +01:00

cypress.config.js

tests: increase timeout

2023-03-03 13:00:14 +01:00