Researcher: Giulicler (rank #30555 of 53,624; total CVSS 8.6; vulnerabilities: 1)

PT-2021-15446
CVSS 8.6
Published 2021-02-19
Docsify · Docsify · CVE-2021-23342
**Name of the Vulnerable Software and Affected Versions**

docsify versions prior to 4.12.0

**Description**

The issue allows the previous remediation of docsify's HTML sanitization to be bypassed, so that attacker-controlled JavaScript executes in the page, through two methods. Firstly, when docsify parses HTML fetched from remote URLs, the HTML of the main page is sanitized, but the same sanitization is not applied to content rendered into the sidebar. Secondly, the `isExternal` check, which is meant to stop a route from loading content from another origin, can be bypassed by prefixing the path with additional `/` characters (for example `////host/page.md`): the check does not recognise such a path as external, while the browser resolves it as a protocol-relative URL and fetches the document from the attacker's host.

**Recommendations**

For versions prior to 4.12.0, update to version 4.12.0 or later, which corrects both the sidebar sanitization and the `isExternal` check. Until that is possible, do not render content fetched from remote URLs that an attacker can influence (this includes the sidebar), for example by disabling remote-URL parsing and restricting the site to local, trusted Markdown files. Note that the extra `////` characters are supplied by the attacker in the route, not by the site operator, so the second issue cannot be avoided by changing how your own links are written.
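To show why the `////` prefix defeats the check, here is an added example (not docsify's own code, and not part of this advisory) that models the authority-extraction step of `isExternal` in its pre-4.12.0 and 4.12.0 shapes, alongside what the browser actually fetches for the same route. The two regular expressions follow the shape of the real function as recalled by the editor; treat their exact form, the `LOCATION` stand-in for `window.location`, and the sample route strings as assumptions.

```javascript
// Added example, not docsify's own code. The regexes follow the shape of
// docsify's isExternal() as recalled by the editor; treat them as an
// assumption rather than the project's exact source.

// Stand-in for window.location, so this runs under Node.
const LOCATION = { protocol: 'https:', host: 'docs.example.com' };

// Shared decision step: compare the parsed scheme and authority with the
// page's own scheme and host. An empty or missing authority is treated as
// "same site", which is exactly what the bypass relies on.
function judge(match, loc) {
  const [, scheme, authority] = match;
  if (typeof scheme === 'string' && scheme.length > 0 &&
      scheme.toLowerCase() !== loc.protocol) {
    return true;
  }
  if (typeof authority === 'string' && authority.length > 0) {
    const defaultPort = { 'http:': 80, 'https:': 443 }[loc.protocol];
    const host = authority.replace(new RegExp(':(' + defaultPort + ')?$'), '');
    if (host !== loc.host) {
      return true;
    }
  }
  return false;
}

// Pre-4.12.0 shape: the authority group is only captured after *exactly*
// two slashes. With "////host/...", "//" matches, the authority group
// matches the empty string, and the rest falls into the path group.
function isExternalVulnerable(url, loc = LOCATION) {
  const m = url.match(/^([^:/?#]+:)?(?:\/\/([^/?#]*))?([^?#]+)?(\?[^#]*)?(#.*)?/);
  return judge(m, loc);
}

// 4.12.0 shape: two *or more* slashes, so the authority is captured no
// matter how many the attacker prepends.
function isExternalFixed(url, loc = LOCATION) {
  const m = url.match(/^([^:/?#]+:)?(?:\/{2,}([^/?#]*))?([^?#]+)?(\?[^#]*)?(#.*)?/);
  return judge(m, loc);
}

// What the browser really does with the route: WHATWG URL parsing skips any
// run of leading slashes against a special-scheme base, so "////host/x"
// becomes a protocol-relative URL pointing at "host".
function resolvedHost(url, base = 'https://docs.example.com/') {
  return new URL(url, base).host;
}

// Constructed sample routes: a local page, a protocol-relative page, the
// bypass, and an absolute off-site page.
const probes = [
  '/docs/README.md',
  '//evil.example/payload.md',
  '////evil.example/payload.md',
  'https://evil.example/payload.md',
];

for (const p of probes) {
  console.log(
    p.padEnd(34),
    'vulnerable:', isExternalVulnerable(p),
    'fixed:', isExternalFixed(p),
    'browser fetches from:', resolvedHost(p)
  );
}
```

The third probe is the one that matters: the pre-fix check returns `false` (same site) while the browser fetches from `evil.example`, so docsify would load and render an attacker's Markdown under the victim origin; the fixed check returns `true` for the same input.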