Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SECURITY: improve escaping protection

This commit is contained in:
Sam 2014-07-17 16:09:35 +10:00
parent c12a131fb4
commit 91cd4f2d66
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/assets/javascripts/discourse/dialects/quote_dialect.js
View File

@ -22,7 +22,11 @@ Discourse.Dialect.replaceBlock({
if (i > 0) { if (i > 0) {
var assignment = p.split(':'); var assignment = p.split(':');
if (assignment[0] && assignment[1]) { if (assignment[0] && assignment[1]) {
params['data-' + esc(assignment[0])] = esc(assignment[1].trim()); var escaped = esc(assignment[0]);
// don't escape attributes, makes no sense
if(escaped === assignment[0]) {
params['data-' + assignment[0]] = esc(assignment[1].trim());
}
} }
} }
}); });

3
app/assets/javascripts/discourse/lib/markdown.js
View File

@ -19,8 +19,7 @@ function validateAttribute(tagName, attribName, value) {
// //
// We are SUPER strict cause nokogiri will sometimes "correct" // We are SUPER strict cause nokogiri will sometimes "correct"
// this stuff "incorrectly" // this stuff "incorrectly"
var escaped = Handlebars.Utils.escapeExpression(value); if(/[<>"'`]/.test(value)){
if(escaped !== value){
return; return;
} }