  • #1859
Closed
Created Feb 15, 2018 by Pascal Brokmeier@pascalwhoop

[BUG] Injecting arbitrary code into webapp by exploiting KaTeX

Hi team, please quickly take a look at this: https://github.com/Khan/KaTeX/issues/1160. We managed to inject arbitrary code into each other's clients using KaTeX in Gitter. I love the fact that you allow math but sanitize the contents! It's easy to break out of it and then all hell breaks loose.

Edited Feb 16, 2018 by Eric Eastwood