security: enforce strict URL protocol whitelist validation in Markdown component to prevent XSS #475

Open
DebasmitaBose0 wants to merge 1 commit into ItsVikasA:main from DebasmitaBose0:security/xss-input-sanitization

@DebasmitaBose0

Closes #474

Problem

Rendered markdown content could contain malicious link protocols (e.g. javascript:, data:), making the application vulnerable to XSS injection.

Current Behavior

Links are rendered directly.

Why This Improvement Is Needed

Filtering protocols prevents script injections from AI generation inputs.

Proposed Solution

Parse and sanitize Markdown link elements using protocol check rules.

Expected Outcome

Secure link parsing without XSS vectors.
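
An added example, not code from this pull request: one way to implement the protocol check described above, in plain JavaScript on top of the WHATWG `URL` parser. The allowed protocol set, the dummy base URL and the names `sanitizeHref`, `escapeHtml` and `renderLink` are assumptions made for illustration.

```javascript
// Added example: protocol allowlist for Markdown link targets.
// The allowed set and all names here are assumptions, not the project's code.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);
const DUMMY_BASE = "https://base.invalid/"; // only used to resolve relative links

// Returns a safe href string, or null when the link must not be rendered.
function sanitizeHref(href) {
  if (typeof href !== "string") return null;
  let parsed;
  try {
    // The WHATWG parser lowercases the scheme and drops leading spaces and
    // embedded tabs/newlines, so the check sees what a browser would see.
    parsed = new URL(href, DUMMY_BASE);
  } catch {
    return null; // unparseable input is rejected, not passed through
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) return null;
  try {
    return new URL(href).href; // absolute URL: return the normalised form
  } catch {
    return href.trim(); // relative link (path, query or #fragment)
  }
}

// Escapes text for use in HTML content and double-quoted attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Renders a link, falling back to plain text when the href is rejected.
function renderLink(text, href) {
  const safe = sanitizeHref(href);
  if (safe === null) return escapeHtml(text);
  return `<a href="${escapeHtml(safe)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}
```

Checking the parsed `protocol` against an allowlist, instead of matching string prefixes against a blocklist, means any scheme not explicitly permitted is dropped by default.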

@vercel

vercel Bot commented Jun 4, 2026

Contributor

@DebasmitaBose0 is attempting to deploy a commit to the Vikas' projects Team on Vercel.

A member of the Team first needs to authorize it.
