dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.Referenceshttps://github.com/imsebao/404team/blob/master/dijit_editor_xss.md
