12 questions in the GrapesJS community archive, 5 community-vetted. Sorted by most discussed โ see real fixes, errors and code references.
GrapesJS version [X] I confirm to use the latest version of GrapesJS What browser are you using? Edge v122 Reproducible demo link https://jsfiddle.net/bwreyq29/1/ Describe the bug How to reproduce the bug? open this link https://jsfiddle.n...
GrapesJS version [X] I confirm to use the latest version of GrapesJS What browser are you using? Chrome v102 Reproducible demo link https://jsfiddle.net/szLp8h4n Describe the bug How to reproduce the bug?Select any componentAdd class name...
GrapesJS version [X] I confirm to use the latest version of GrapesJS What browser are you using? Chrome 97.0.4692.71 Reproducible demo link https://jsfiddle.net/ovrz5ug2/4/ Describe the bug Hi - we ran across this XSS vulnerability while u...
GrapesJS code is open to XSS issues because values are inserted into DOM without escaping, e.g. https://github.com/artf/grapesjs/blob/dev/src/assetmanager/view/AssetImageView.js#L30 If model.getFilename() returns <img src=x onerror=alert(d...
To reduce the possible attack surface if the editor is used in "hostile" environments (e.g. in SaaS platforms) support for CSP is required. This will also prevent problems like https://github.com/artf/grapesjs/issues/3082 At the moment, th...
Current version have security issue Might be update to newest version
Version: v0.17.3 Are you able to reproduce the bug from the demo?[x] Yes[ ] No What is the expected behavior? See below What is the current behavior? There is a known security vulnerability in one of the versions of underscore used by a ne...
After npm i we can see that the level of vulnerabilities is unacceptable. added 646 packages from 383 contributors and audited 762 packages in 7.892s found 724 vulnerabilities (353 low, 23 moderate, 348 high) run npm audit fix to fix them,...
GrapesJS version [x] I confirm to use the latest version of GrapesJS What browser are you using? Edge, mozilla Reproducible demo link NA Describe the bug underscore <=1.13.7 Severity: high underscore <=1.13.7 Severity: high Underscore has...
GrapesJS version [x] I confirm to use the latest version of GrapesJS What browser are you using? Chrome 143.0.7499.193 Reproducible demo link https://grapesjs.com/demo.html Describe the bug Hello. How to reproduce the bug? Import GrapeJS i...