The link plugin is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the `javascript:` scheme. As a result, links with JavaScript URLs can be inserted into the Plate editor through various means, including opening or pasting malicious content. Version 20.0.0 resolves this issue by introducing an `allowedSchemes` option to the link plugin, defaulting to ``. URLs using a scheme that isn't in this list will not be rendered to the DOM. Users unable to upgrade are advised to override the `LinkElement` and `PlateFloatingLink` components with implementations that explicitly check the URL scheme before rendering any anchor elements.

fast-xml-parser is an open source, pure JavaScript XML parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used to build a regex for searching and replacing entities in the XML body, an attacker can abuse it for denial of service (DoS) attacks. By crafting an entity name that results in an intentionally badly performing regex and using it in the entity replacement step of the parser, an attacker can cause the parser to stall for an indefinite amount of time. This problem has been resolved in v4.2.4. Users unable to upgrade should avoid using DOCTYPE parsing by setting the `processEntities: false` option.

Kiwi TCMS is an open source test management system for both manual and automated testing.
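The udecode/plate advisory above tells users who cannot upgrade to check the URL scheme themselves before rendering an anchor. The following is an added example of such a check, not code from the udecode/plate project: the allow-list in `ALLOWED_SCHEMES` and the function names `getScheme` and `isAllowedUrl` are assumptions made here, and the sample URLs are constructed.

```javascript
// Added example, not code from udecode/plate: the kind of URL-scheme check an
// overridden LinkElement / PlateFloatingLink could apply before rendering an
// anchor. ALLOWED_SCHEMES, getScheme and isAllowedUrl are names chosen here.
const ALLOWED_SCHEMES = ["http", "https", "mailto", "tel"]; // assumed allow-list

// Return the lower-cased scheme of `url`, or null when it has none (a relative
// URL such as "/docs" or "#top").
function getScheme(url) {
  // Normalise the way a browser does before it parses an href: strip leading
  // and trailing C0 controls and spaces, then delete tab, LF and CR anywhere.
  // Without this, "  javascript:..." and "java\tscript:..." would slip past a
  // naive prefix test even though a browser still treats them as javascript:.
  const cleaned = String(url)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
  // RFC 3986 scheme: a letter followed by letters, digits, "+", "." or "-".
  const match = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return match ? match[1].toLowerCase() : null;
}

// Allow-list decision: relative URLs pass, absolute URLs must use a scheme in
// `allowedSchemes`. Anything else (javascript:, data:, vbscript:, ...) is
// rejected, and the caller should then not write an href to the DOM at all.
function isAllowedUrl(url, allowedSchemes = ALLOWED_SCHEMES) {
  const scheme = getScheme(url);
  return scheme === null || allowedSchemes.includes(scheme);
}

// Constructed sample inputs, as an editor might receive them from a paste.
const SAMPLE_URLS = [
  "https://example.com/page",
  "/relative/path",
  "mailto:someone@example.com",
  "javascript:void(0)",
  "JavaScript:void(0)",
  "  javascript:void(0)",
  "java\tscript:void(0)",
  "data:text/html;base64,AAAA",
];

for (const url of SAMPLE_URLS) {
  console.log(`${isAllowedUrl(url) ? "render" : "drop  "} ${JSON.stringify(url)}`);
}
```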