Javascript execution on pageload while in codeblock

Steps to reproduce

Have <img src="" onerror=alert("Exec") /> in a doc, open doc

Expected result

JS not to execute

Actual result

Alert pops up, also happens with confirm()

Environment

SYSTEM INFO:
Obsidian version: v1.1.16
Installer version: v0.15.9
Operating system: #1 SMP PREEMPT_DYNAMIC Debian 6.1.20-1kali1 (2023-03-22) 6.1.0-kali7-amd64
Login status: not logged in
Insider build toggle: off
Live preview: on
Legacy editor: off
Base theme: dark
Community theme: 80s Neon v0.0.0
Snippets enabled: 5
Restricted mode: off
Plugins installed: 50
Plugins enabled: 45
1: Obsidian Git v2.16.0
2: Advanced Tables v0.18.1
3: Autocomplete v0.8.0
4: Breadcrumbs v3.6.4
5: Buttons v0.4.19
6: Convert url to preview (iframe) v0.5.0
7: Copy button for code blocks v0.1.0
8: Dataview v0.5.55
9: Emoji Toolbar v0.4.0
10: File Tree Alternative Plugin v2.2.9
11: Folder Note v0.7.3
12: Hotkeys for templates v1.4.3
13: Kanban v1.5.1
14: Link Headers Directly v1.0.2
15: MetaEdit v1.7.2
16: Mind Map v1.1.0
17: Note Refactor v1.7.1
18: Outliner v4.2.1
19: Ozan’s Image in Editor Plugin v2.1.6
20: QuickAdd v0.9.1
21: Tag Wrangler v0.5.6
22: Templater v1.16.0
23: Text expand v0.11.2
24: Style Settings v1.0.2
25: Local images v0.14.2
26: Highlightr v1.2.2
27: Banners v1.3.3
28: Taskbone OCR v1.0.0
29: Paste Mode v5.0.1
30: Supercharged Links v0.9.3
31: Admonition v9.2.1
32: Asciinema Player v1.0.0
33: Multi-Column Markdown v0.7.7
34: Clear Unused Images v1.1.0
35: Emoji Shortcodes v2.2.0
36: Excel to Markdown Table v0.4.0
37: Execute Code v1.6.2
38: Icon Shortcodes v0.9.7
39: Text Format v2.2.1
40: Fantasy Statblocks v2.25.1
41: Editor Syntax Highlight v0.1.3
42: Better CodeBlock v1.0.8
43: Typewriter Scroll v0.2.2
44: Charts View v1.2.1
45: Quick Latex for Obsidian v2.5.1

RECOMMENDATIONS:
Custom theme and snippets: for cosmetic issues, please first try updating your theme and disabling your snippets. If still not fixed, please try to make the issue happen in the Sandbox Vault or disable community theme and snippets.
Community plugins: for bugs, please first try updating all your plugins to latest. If still not fixed, please try to make the issue happen in the Sandbox Vault or disable community plugins.


Additional information

RECOMMENDATIONS:
Custom theme and snippets: for cosmetic issues, please first try updating your theme and disabling your snippets. If still not fixed, please try to make the issue happen in the Sandbox Vault or disable community theme and snippets.
Community plugins: for bugs, please first try updating all your plugins to latest. If still not fixed, please try to make the issue happen in the Sandbox Vault or disable community plugins.

Nothing happens in the sandbox. See ↑ and debug help.

Dataview? Templater?

You should seriously consider to update your installer. That is to do a reinstall of Obsidian, since the auto updater isn’t capable of updating the installer.

download and reinstall obsidian. post a screen recording of this happening in the sandbox vault.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.