.
├── README.md
├── _sidebar.md
├── index.html
└── test
└── xss.md
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>test</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<meta name="description" content="Description">
<meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<link rel="stylesheet" href="//cdn.jsdelivr.net/npm/docsify/lib/themes/vue.css">
<link rel="stylesheet" href="/css/sidebar.css">
</head>
<body>
<div id="app"></div>
<script>
window.$docsify = {
loadSidebar: true,
homepage: './README.md',
alias:{
'/.*/_sidebar.md': '/_sidebar.md',
},
autoHeader: true,
auto2top: true,
search: {
noData: {
'/': 'No results!'
},
paths: 'auto',
placeholder: {
'/': 'Search'
},
hideOtherSidebarContent: true,
depth: 1
},
name: 'test',
}
</script>
<script src="//cdn.jsdelivr.net/npm/docsify/lib/docsify.min.js"></script>
<script src="//cdn.jsdelivr.net/npm/docsify/lib/plugins/search.js"></script>
</body>
</html>
# xss test
xss"><img src=1 onerror=alert(1)><"
- Test
- [xss](./test/xss.md)
when user search something near XSS payload and the javascript which should rendering as markdown will be execute
Bug Report
Steps to reproduce
1. create a simple docsify project
file tree
index.html
xss.md
_sidebar.md
2. start a http server
when user search something near XSS payload and the javascript which should rendering as markdown will be execute
3. input
xin search filedWhat is current behaviour
What is the expected behaviour
Other relevant information
Bug does still occur when all/other plugins are disabled?
Your OS: Mac OS
Node.js version: v12.19.0
npm/yarn version:
Browser version:
Docsify version: 4.12.1
Docsify plugins: search.js
Please create a reproducible sandbox
https://xl9pw.csb.app/
Mention the docsify version in which this bug was not present (if any)