Describe a bug.
Pasted blocks are not sanitized, It may occurs XSS attack!
Steps to reproduce:
<b onclick="alert('XSS test')">Click me!</b>Please see the following GIF animation.
Expected behavior:
Pasted blocks should be sanitized.
Screenshots:

Editor.js version: v2.19.0
馃憢 @gohabereg @neSpecc did you have a chance to follow up on this issue?
We (at snyk) would like to add it to our vulnerability db if it is valid.
Actually, it will be sanitised on saving, so this is not a real vulnerability. But we will think about it.
@neSpecc Thank you! I'll fix it and send PR.
Most helpful comment
Actually, it will be sanitised on saving, so this is not a real vulnerability. But we will think about it.