Summary
apps/logicsrc-web/src/app/docs/[slug]/page.tsx line 40 parses markdown with marked and renders it via dangerouslySetInnerHTML at line 53 without sanitization.
const html = await marked.parse(md);
// ...
dangerouslySetInnerHTML={{ __html: html }}
Impact
The marked library converts markdown to HTML without sanitization by default. Markdown files can contain raw HTML (including <script> tags) that would be rendered unsanitized. While docs are sourced from the repo (lower risk than the blog webhook), a malicious contributor could inject JavaScript via a docs PR.
Suggested Fix
Configure marked with a sanitizer or pass output through sanitize-html:
import { marked } from "marked";
import sanitizeHtml from "sanitize-html";
const rawHtml = await marked.parse(md);
// With no options, sanitize-html applies its default allowlist (no <script>, no on* attributes).
const html = sanitizeHtml(rawHtml, { /* safe defaults */ });
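As a second layer for the repo-sourced docs, here is an added example (not code from the logicsrc-web project) of a pre-merge check that flags raw HTML in docs markdown before it reaches marked. The function names, the fence and inline-code handling, and the sample document are assumptions of this example; the render-time sanitizer above stays the primary fix.

```typescript
// Added example, not code from logicsrc-web: a pre-merge gate for docs/*.md that
// reports raw HTML before it ever reaches marked + dangerouslySetInnerHTML.
// Defence in depth: sanitize-html at render time remains the primary fix.

interface RawHtmlHit { line: number; snippet: string } // 1-based line, tag as written

// Fenced code block delimiter (``` or ~~~ with up to 3 leading spaces, CommonMark-style).
const FENCE_RE = /^ {0,3}(`{3,}|~{3,})/;

// Removes inline code spans so `<b>` in backticks is not reported (marked escapes
// those). The backreference makes ``a ` b`` close only on a matching-length run.
function stripInlineCode(line: string): string {
  return line.replace(/(`+)[\s\S]*?\1/g, "");
}

function findRawHtml(markdown: string): RawHtmlHit[] {
  const hits: RawHtmlHit[] = [];
  const lines = markdown.split(/\r?\n/);
  let openFence: string | null = null; // delimiter of the code block we are inside
  for (let i = 0; i < lines.length; i++) {
    const fence = FENCE_RE.exec(lines[i]);
    if (fence) {
      if (openFence === null) {
        openFence = fence[1];
      } else if (fence[1].charAt(0) === openFence.charAt(0) && fence[1].length >= openFence.length) {
        openFence = null; // closing fence: same character, at least as long
      }
      continue;
    }
    if (openFence !== null) continue; // inside a code block: marked escapes HTML here
    const text = stripInlineCode(lines[i]);
    // A tag opener: "<img", "</script", "<!--". Does not match "a < b" or "x<3".
    const tagRe = /<\/?[A-Za-z!][^>]*>?/g;
    let m: RegExpExecArray | null;
    while ((m = tagRe.exec(text)) !== null) {
      hits.push({ line: i + 1, snippet: m[0] });
    }
  }
  return hits;
}

// Constructed sample doc: the only raw HTML outside code is the <img> on line 9.
const SAMPLE_DOC = [
  "# Intro", "", "Use `<b>` for bold? No, use **bold**.", "",
  "```html", "<script>alert(1)</script>", "```", "",
  "<img src=x onerror=\"alert(1)\">", "", "Done.",
].join("\n");
```

Run `findRawHtml` over each changed docs file in CI and fail the PR when it returns any hit; HTML inside fenced or inline code is left alone because marked escapes it.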
Severity: Medium