mirror of
https://github.com/ueberdosis/tiptap.git
synced 2024-12-01 01:19:03 +08:00
04a11355a7
Fixes risks outline in #4600 by verifying that any src urls are valid youtube URLs before rendering as HTML. My thoughts are that this attack vector would be difficult to use because the attacker would have to have a way to manipualte the TipTap payload in a manner that bypasses the youtube extension's `setYoutubeVideo` command, which already checks for valid URLs. |
||
|---|---|---|
| .. | ||
| bold.spec.ts | ||
| codeBlockLowlight.spec.ts | ||
| youtube.spec.ts | ||