mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-27 17:46:05 -05:00
FIX: XSS in markdown converter.
This commit is contained in:
parent
495f78f574
commit
ba683bc611
2 changed files with 4 additions and 3 deletions
|
@ -42,7 +42,6 @@ function processTextNodes(node, event, emitter) {
|
|||
for (var j=1; j<node.length; j++) {
|
||||
var textContent = node[j];
|
||||
if (typeof textContent === "string") {
|
||||
|
||||
if (dialect.options.sanitize && !skipSanitize[textContent]) {
|
||||
textContent = Discourse.Markdown.sanitize(textContent);
|
||||
}
|
||||
|
@ -63,9 +62,9 @@ function processTextNodes(node, event, emitter) {
|
|||
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Parse a JSON ML tree, using registered handlers to adjust it if necessary.
|
||||
|
||||
|
@ -96,7 +95,7 @@ function parseTree(tree, path, insideCounts) {
|
|||
|
||||
insideCounts[tagName] = (insideCounts[tagName] || 0) + 1;
|
||||
|
||||
if (n && n.length === 2 && n[0] === "p" && /^<!--([\s\S]*)-->$/m.exec(n[1])) {
|
||||
if (n && n.length === 2 && n[0] === "p" && /^<!--([\s\S]*)-->$/.exec(n[1])) {
|
||||
// Remove paragraphs around comment-only nodes.
|
||||
tree[i] = n[1];
|
||||
} else {
|
||||
|
|
|
@ -354,6 +354,8 @@ test("sanitize", function() {
|
|||
equal(sanitize("<canvas>draw me!</canvas>"), "draw me!");
|
||||
|
||||
cooked("[the answer](javascript:alert(42))", "<p><a>the answer</a></p>", "it prevents XSS");
|
||||
|
||||
cooked("<i class=\"fa fa-bug fa-spin\" style=\"font-size:600%\"></i>\n<!-- -->", "<p><i></i><br/><!-- --></p>", "it doesn't circumvent XSS with comments");
|
||||
});
|
||||
|
||||
test("URLs in BBCode tags", function() {
|
||||
|
|
Loading…
Reference in a new issue