Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cross-site Scripting in Quill #1011

Open
Alex-Inems opened this issue Oct 27, 2024 · 1 comment
Open

Cross-site Scripting in Quill #1011

Alex-Inems opened this issue Oct 27, 2024 · 1 comment

Comments

@Alex-Inems
Copy link

Vulnerability Issues with Quill and React-Quill

Description
I'm experiencing security vulnerabilities reported by npm audit related to the quill library. The vulnerabilities include Cross-site Scripting (XSS) and others as detailed in the reports.

Current Versions

  • Quill: <=1.3.7
  • React-Quill: 2.0.0

Problem
Running npm audit fix --force suggests downgrading react-quill to 0.0.2, which introduces breaking changes. I want to address the vulnerabilities without reverting to older package versions.

Expected Behavior
I would like to resolve these vulnerabilities while maintaining the current versions of quill and react-quill.

Request for Guidance
Are there any planned updates or patches that will address these vulnerabilities? What compatible versions can I use that won’t introduce security risks?
@pruchay
Copy link

pruchay commented Oct 30, 2024

Unfortunately, I think this issue will be not fixed. Looks like this library is abandoned.
I installed the forked library with an updated quill - everything works fine and now I don't have vulnerabilities. You can read about that forked library here Update Quill Dependency to ^2.0.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pruchay @Alex-Inems