Intel

AIKIDO-2026-508387

@milkdown/preset-commonmark is vulnerable to Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Today

54

Medium Risk

This Affects:

JS@milkdown/preset-commonmark
7.0.0 - 7.21.2
Fixed in 7.21.3
Are you affected? Scan for Free

TL;DR

The commonmark link mark renders a stored href directly into a clickable anchor in linkSchema.toDOM (also carried into getHTML() output and read-only mode) without validating the URL scheme. An attacker who gets a javascript: or other unsafe-scheme URL stored in a link can cause script execution when the anchor is rendered or clicked. The fix adds a sanitizeLinkHref scheme allowlist (with control-character normalization) and applies it at the anchor rendering sink. The original URL is preserved inert as document text in the serialized markdown.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and render markdown or HTML from untrusted or user-supplied sources with the commonmark link schema.

Background info

@milkdown/preset-commonmark is vulnerable to Cross-Site Scripting (XSS) in versions 7.0.0 - 7.21.2.

How to fix this

Upgrade the @milkdown/preset-commonmark library to the patch version.