:art: https://github.com/Vanessa219/vditor/issues/1827

CHANGELOG.md

@@ -29,8 +29,9 @@
 
 ### v3.11.2 / 2025-07
 
+* [改进粘贴 markdown 导致的 XSS](https://github.com/Vanessa219/vditor/issues/1827) `改进功能`
 * [支持西班牙语和越南语](https://github.com/Vanessa219/vditor/pull/1828) `引入特性`
-* [改进列表内粘贴列表](https://github.com/Vanessa219/vditor/pull/1830) `引入特性`
+* [支持粘贴含有图文的 Word](https://github.com/Vanessa219/vditor/pull/1830) `引入特性`
 * [改进列表内粘贴列表](https://github.com/Vanessa219/vditor/issues/1832) `改进功能`
 
 ### v3.11.1 / 2025-05-27

src/ts/util/selection.ts

@@ -236,6 +236,8 @@ export const setRangeByWbr = (element: HTMLElement, range: Range) => {
 };
 
 export const insertHTML = (html: string, vditor: IVditor) => {
+    html = Lute.Sanitize(html);
+
     // 使用 lute 方法会添加 p 元素，只有一个 p 元素的时候进行删除
     const tempElement = document.createElement("div");
     tempElement.innerHTML = html;