Copy-paste XSS in vditor text editor [CVE-2021-32855]

We discussed this vulnerability during Episode 137 on 18 April 2022.

Copying and pasting an HTML element with a script within it can result in an XSS in vditor text editor. This does feel like a bit of a stretch for an attack scenario, pasting in malicious content to an editor, but not really a threat situation I’ve thought much about either.

They also call out a neat tool for converting some HTML to the actual DOM entities to copy: https://cdn.sekurak.pl/copy-paste/playground.html
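
For the defensive side of the copy-paste scenario above, here is an added example (not vditor's code and not its fix) of a paste handler that never passes the clipboard's `text/html` flavour to the editor as markup. The names `handlePaste`, `clipboardToSafeHtml`, `insertHtml` and `makeClipboard` are hypothetical, and the clipboard contents are constructed samples.

```javascript
// Added example: hypothetical paste handler for a rich-text editor.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every character that can open or close markup or an attribute value.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// The text/html flavour is whatever markup the source page placed on the
// clipboard, so it is treated as untrusted input. Prefer text/plain; if only
// text/html exists, return its source escaped so it renders as inert text.
function clipboardToSafeHtml(clipboardData) {
  const plain = clipboardData.getData('text/plain');
  if (plain) return escapeHtml(plain);
  return escapeHtml(clipboardData.getData('text/html'));
}

// Cancel the browser's default rich insertion and hand the editor an inert
// string. insertHtml stands in for the editor's own insertion routine.
function handlePaste(event, insertHtml) {
  event.preventDefault();
  const safe = clipboardToSafeHtml(event.clipboardData);
  insertHtml(safe);
  return safe;
}

// Constructed stand-in for the DataTransfer object of a real paste event.
function makeClipboard(flavours) {
  return { getData: (type) => flavours[type] || '' };
}
```

In a browser this would be wired up with `editorElement.addEventListener('paste', (e) => handlePaste(e, insert))`. An editor that must keep pasted formatting needs an allowlist-based HTML sanitizer at this point instead of escaping.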