Anonymous Intelligence Signal

SvelteMarkdown 1.3.0 XSS Vulnerability: Markdown Link Injection Bypasses Pre-Parsing Sanitization

human The Lab unverified 2026-04-07 16:27:23 Source: GitHub Issues

A security flaw in the `@humanspeak/svelte-markdown` library version 1.3.0 allows attackers to bypass the HTML sanitization the library recommends, creating a direct path for cross-site scripting (XSS). The vulnerability, reported by researcher @ShinonomeNoAlice, exploits the processing order of the documented workflow: sanitizing user input *before* it is parsed as Markdown is insufficient, because a Markdown link such as `[Click for XSS](javascript:alert('XSS'))` contains no HTML at that stage and passes through an HTML sanitizer untouched. Only after parsing does it become an `<a href="javascript:...">` element, at which point nothing checks the URL scheme and the JavaScript runs when the link is clicked.

The core failure lies in the documented mitigation strategy rather than in a single parser bug. The library's official guidance only shows sanitizing the raw text with tools like DOMPurify *before* passing it to the `SvelteMarkdown` component. This leaves the parsed Markdown output unchecked, so `javascript:` or `data:` URIs in hyperlinks reach the DOM intact. Because the victim has to click the link, this is a one-click attack vector rather than a zero-interaction one, but it remains a tangible, exploitable risk for any application rendering untrusted Markdown with default or common configurations. The current workarounds are problematic: disabling link parsing entirely is overly restrictive for functionality, while manually filtering hrefs via the `walkTokens` hook is complex and error-prone for developers. A hand-written filter must, at minimum, treat the scheme case-insensitively and strip leading whitespace and control characters before comparing it, since browsers ignore those when resolving a URL; a naive `startsWith("javascript:")` check is itself bypassable.
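The following is an added, stand-alone illustration of the two points above (pre-parse sanitization missing the payload, and what a correct href check looks like); it is not code from `@humanspeak/svelte-markdown` or from the report. The tag-stripping function is a stand-in for a pre-parse sanitizer, the one-rule link renderer stands in for the Markdown parser, and `isSafeHref` is the kind of scheme allowlist one would call from a link-token hook. The sample input is constructed.

```javascript
// Stand-in for "sanitize the raw input first": strips HTML tags from the
// Markdown source. A javascript: link is plain text at this stage, so it
// survives untouched. (Assumed stand-in, not DOMPurify.)
function stripTags(text) {
  return text.replace(/<[^>]*>/g, "");
}

const SAFE_SCHEMES = new Set(["http", "https", "mailto"]);

// Allowlist check for a link destination. Returns true for relative URLs
// (no scheme) and for allowlisted schemes only. Whitespace and ASCII
// control characters are removed before inspection because browsers ignore
// them when resolving the scheme, so "java\tscript:" or " javascript:"
// would otherwise slip past a naive prefix test.
function isSafeHref(href) {
  const cleaned = href.replace(/[\u0000-\u0020\u007f]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (!m) return true; // relative URL: /docs, #anchor, ?q=1
  return SAFE_SCHEMES.has(m[1].toLowerCase());
}

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Minimal inline-link renderer: [text](href) -> <a href="...">text</a>.
// Only the link rule is implemented (with one level of balanced parentheses
// in the destination, enough for alert('XSS')); that suffices to show the
// bypass. Attribute escaping alone does NOT neutralise a javascript: href,
// because the browser decodes entities before resolving the URL.
function renderLinks(markdown, { filterHref = false } = {}) {
  const linkRe = /\[([^\]]*)\]\(((?:[^()\s]|\([^()\s]*\))+)\)/g;
  return markdown.replace(linkRe, (_, text, href) => {
    if (filterHref && !isSafeHref(href)) {
      return escapeHtml(text); // drop the anchor, keep the visible label
    }
    return `<a href="${escapeHtml(href)}">${escapeHtml(text)}</a>`;
  });
}

// Constructed sample: the payload from the report next to a benign link.
const SAMPLE =
  "[Click for XSS](javascript:alert('XSS')) and [docs](https://example.com/docs)";

// Returns both renderings so the difference can be inspected or asserted on.
function demo() {
  const cleanedSource = stripTags(SAMPLE); // "sanitize before parsing"
  return {
    preSanitized: renderLinks(cleanedSource), // javascript: href survives
    hrefFiltered: renderLinks(cleanedSource, { filterHref: true }),
  };
}
```

In a real integration the check belongs where the parser hands over link tokens (for this library, the `walkTokens` hook the report mentions) or in a sanitizer run on the rendered HTML; the point of the toy renderer is only that the input-side step never sees an `href` to reject.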

This vulnerability places significant pressure on developers relying on this popular Svelte ecosystem package for rendering user-generated content, such as forums, comment sections, or documentation viewers. It signals a deeper architectural issue: security is treated as a pre-processing step on the input text rather than being integrated into the Markdown rendering pipeline, where the dangerous `href` actually comes into existence. Until a patched version is released, teams must either filter link destinations at the token stage or sanitize the rendered HTML (DOMPurify, for example, strips `javascript:` hrefs in its default configuration when run on the output rather than the source), or accept the risk of client-side code execution. The case highlights a gap in safe-by-default design for web component libraries.