Share
## https://sploitus.com/exploit?id=F7611503-39EE-52FD-A93E-5E502AA8BD60
# Stored XSS in node-html-markdown โ‰ค 2.0.0

## Overview

This repository demonstrates a **Stored (Second-Order) Cross-Site Scripting (XSS)** vulnerability in the
[node-html-markdown](https://github.com/codex-team/node-html-markdown) library versions Click me
ff

### Vulnerable Code Location

- File: `src/config.ts`
- Lines: 254โ€“298
- Issue: `javascript:` and `data:` URLs in links and images are not sanitized before being output to Markdown/HTML.

| Component                     | File            | Lines   | Description                                                                                                   |
| ----------------------------- | --------------- | ------- | ------------------------------------------------------------------------------------------------------------- |
| `` tag / autolink handling | `src/config.ts` | 254โ€“277 | The `href` attribute is encoded only for `()_*`; other schemes like `javascript:` pass through unsanitized.   |
| Inline links                  | `src/config.ts` | 283โ€“284 | `href` directly embedded in Markdown output without filtering.                                                |
| `` tag handling          | `src/config.ts` | 292โ€“298 | `src` attribute allows `javascript:` and `data:text/html` (with `keepDataImages: true`) without sanitization. |