CVE-2026-50733

An attacker can craft a markdown document containing a WaveDrom diagram with malicious JavaScript. When a victim previews or exports this document, the JavaScript is executed within the VS Code webview context. This script can then interact with the VS Code API to write arbitrary content to any file on the filesystem, as demonstrated by overwriting `~/.ssh/authorized_keys` [ref_id=1]. The vulnerability is triggered through any render path, including live preview, presentation mode, and HTML export [ref_id=1].

The vulnerability lies in the `renderWavedrom()` function within `crossnote/src/webview/containers/preview.ts`, which calls `window.eval()` on the raw content of WaveDrom fenced code blocks. Both server-side and client-side sanitizers, specifically `crossnote/src/markdown-engine/sanitize.ts` and `crossnote/src/webview/lib/sanitize.ts`, intentionally preserve `<script type="WaveDrom">` tags. The blind command dispatch in `mpe/src/preview-provider.ts` and the `updateMarkdown()` function in `mpe/src/extension-common.ts` facilitate the arbitrary file write.

The fix replaces the unsafe `eval()` call with `JSON.parse()` for parsing WaveDrom diagram content. Additionally, WaveDrom data scripts are now sanitized to ensure they are inert strict JSON. This change prevents the execution of arbitrary JavaScript by ensuring that only valid JSON is processed, thereby closing the code injection vulnerability.

Create a file named `poc-authorized-keys.md` with the provided WaveDrom content. Open this file in VS Code and preview it. After previewing, check the `~/.ssh/authorized_keys` file to verify it has been overwritten with the attacker-controlled SSH public key [ref_id=1].