
Fix XSS vulnerability in markdown renderer

Description

CONFIDENTIAL SECURITY ISSUE

Our markdown renderer component is vulnerable to XSS attacks through unsanitized HTML rendering.

Vulnerability Details

  • Severity: HIGH
  • Component: MarkdownRenderer component
  • Issue: Uses dangerouslySetInnerHTML without sanitization
  • Attack Vector: User-supplied markdown with embedded scripts

Reproduction

<img src=x onerror="alert(document.cookie)">

Remediation

  • Install DOMPurify library
  • Sanitize all HTML before rendering
  • Add CSP headers
  • Write security tests

cc @sabrina @bill
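
For the "Add CSP headers" and "Write security tests" items, the following is an added example, not part of the issue or the project's code. It builds a nonce-based policy and checks whether a given policy would still let an inline handler such as the `onerror` in the reproduction execute. The directive set and the function names `buildCsp`, `parseCsp` and `allowsInlineHandlers` are assumptions.

```javascript
// Added example: CSP as a second layer behind HTML sanitization.
// The directive set is an assumption, not the project's configuration.
// The caller must generate a fresh nonce per response with a CSPRNG.
function buildCsp(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join("; ");
}

// Parse a policy string into Map(directive name -> source list).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Per the CSP spec, the first occurrence of a directive wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// True if arbitrary inline event-handler attributes (onerror=, onclick=, ...)
// would execute under this policy. Handlers allowlisted one by one through
// 'unsafe-hashes' are not modelled here.
function allowsInlineHandlers(policy) {
  const d = parseCsp(policy);
  // Fallback chain for script attributes: script-src-attr -> script-src -> default-src.
  const sources = d.get("script-src-attr") ?? d.get("script-src") ?? d.get("default-src");
  if (sources === undefined) return true; // no directive governs scripts at all
  let unsafeInline = false;
  for (const s of sources.map((x) => x.toLowerCase())) {
    // A nonce, hash or 'strict-dynamic' makes browsers ignore 'unsafe-inline'.
    if (/^'(nonce-|sha(256|384|512)-)/.test(s) || s === "'strict-dynamic'") return false;
    if (s === "'unsafe-inline'") unsafeInline = true;
  }
  return unsafeInline;
}

// Constructed sample policies for a security test.
const WEAK_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline'";
const STRICT_POLICY = buildCsp("Y29uc3RydWN0ZWQtbm9uY2U=");
console.log("weak policy runs inline handlers:", allowsInlineHandlers(WEAK_POLICY));
console.log("strict policy runs inline handlers:", allowsInlineHandlers(STRICT_POLICY));
```

A check like this belongs in the test suite next to the sanitizer tests, so a later policy change that reintroduces `'unsafe-inline'` fails the build.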