Quill: XSS Vulnerability in Quill 1.x

Created on 12 Sep 2019  路  2Comments  路  Source: quilljs/quill

There is XSS vulnerability when loading content which was fixed for Quill 2.x in https://github.com/quilljs/quill/pull/2226. Would it be possible to include the patch in 1.x to prevent being vulnerable for users on the stable release?

picture dundalek

Most helpful comment

I believe a similar issue is present in 1.x. Here is a codepen demonstrating XSS with Quill 1.3.7.

image

picture dundalek on 12 Sep 2019
👍3

All 2 comments

The issue you linked specifically was also introduced in 2.x

jhchen picture jhchen on 12 Sep 2019

I believe a similar issue is present in 1.x. Here is a codepen demonstrating XSS with Quill 1.3.7.

image

dundalek picture dundalek on 12 Sep 2019
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

kheraud picture kheraud  路  3Comments
lastmjs picture lastmjs  路  3Comments
DaniilVeriga picture DaniilVeriga  路  3Comments
markstewie picture markstewie  路  3Comments
Softvision-MariusComan picture Softvision-MariusComan  路  3Comments