jodit is vulnerable to cross-site scripting. The library does not properly escape specially constructed input through stripTags
when a user copy-pastes content from a page controlled by the attacker, which allows malicious javascript execution on victim’s browser.