Hi there,
I have been using your cleditor component for a long time and I am very happy with it.
However, recently we found that it is vulnerable to Self Cross-site scripting attacks.
In order to reproduce such an issue you can:
2. Click the "Show Source" button
3. Paste the following text: <img src=x onerror=alert(42)>
4. Click the "Show Rich Text" button
Result: An alert is being shown
Concern: This makes the use of the component vulnerable to any kind of social self cross-site scripting attack. Even if the input text is sanitized as part of web server processing, the component (and the application which uses it) is still vulnerable to this kind of attack.
Do you have any plans to fix this issue?
Regards,
Anatoli
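
The behaviour reported above, handled on the client side, as an added example that is not part of the original post and is not CLEditor code: an allowlist sanitizer that rebuilds source-view HTML before it is rendered as rich text. The function names, the tag and attribute allowlist and the URL rule are assumptions, as is the idea of calling it when the editor switches from source to rich text.

```javascript
// Hypothetical allowlist (not CLEditor's): tag name -> attributes that may be kept.
const ALLOWED = new Map([
  ["b", []], ["i", []], ["u", []], ["p", []], ["br", []],
  ["ul", []], ["ol", []], ["li", []],
  ["a", ["href"]], ["img", ["src", "alt"]],
]);
// URL attributes must start with an allowlisted scheme or be site-relative.
const SAFE_URL = /^(?:https?:|mailto:|\/|#)/i;
const TAG = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:\s[^<>]*)?)\/?>/g;
const ATTR = /([a-zA-Z][\w-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>]+))/g;

// Text between tags can never open a tag once < and > are escaped.
const escText = (s) => s.replace(/</g, "&lt;").replace(/>/g, "&gt;");
const escAttr = (s) => escText(s).replace(/"/g, "&quot;");

// Re-emit a tag from scratch: nothing from the input is copied unescaped.
function rebuildTag(closing, name, rawAttrs) {
  const tag = name.toLowerCase();
  if (!ALLOWED.has(tag)) return "";            // drop unknown tags such as <script>
  if (closing) return `</${tag}>`;
  let out = `<${tag}`;
  for (const m of rawAttrs.matchAll(ATTR)) {
    const attr = m[1].toLowerCase();
    const value = m[2] || m[3] || m[4] || "";
    if (!ALLOWED.get(tag).includes(attr)) continue;   // drops onerror, onclick, style, ...
    if ((attr === "href" || attr === "src") && !SAFE_URL.test(value)) continue;
    out += ` ${attr}="${escAttr(value)}"`;
  }
  return out + ">";
}

// Sanitize HTML typed into the source view before it becomes live markup.
function sanitizeSource(html) {
  let out = "";
  let last = 0;
  for (const m of html.matchAll(TAG)) {
    out += escText(html.slice(last, m.index)) + rebuildTag(m[1], m[2], m[3]);
    last = m.index + m[0].length;
  }
  return out + escText(html.slice(last));
}

// The text from step 3 of the report loses both its handler and its bare src.
console.log(sanitizeSource("<img src=x onerror=alert(42)>"));
```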