FIX: XSS in markdown converter.
parent
495f78f574
commit
ba683bc611
@ -42,7 +42,6 @@ function processTextNodes(node, event, emitter) {
|
for (var j=1; j<node.length; j++) {
|
for (var j=1; j<node.length; j++) {
|
var textContent = node[j];
|
var textContent = node[j];
|
if (typeof textContent === "string") {
|
if (typeof textContent === "string") {
|
|
|
if (dialect.options.sanitize && !skipSanitize[textContent]) {
|
if (dialect.options.sanitize && !skipSanitize[textContent]) {
|
textContent = Discourse.Markdown.sanitize(textContent);
|
textContent = Discourse.Markdown.sanitize(textContent);
|
}
|
}
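Review bot: `skipSanitize[textContent]` on the `if (dialect.options.sanitize && !skipSanitize[textContent])` line is an unguarded property lookup, so if `skipSanitize` is a plain object literal (it is defined outside this hunk), a text node equal to an inherited key such as `constructor` or `toString` resolves to a truthy function and skips `Discourse.Markdown.sanitize`. Those particular strings carry no markup, so no escape is visible from here, but the condition is meant as a set-membership test and should read as one: `if (dialect.options.sanitize && !Object.prototype.hasOwnProperty.call(skipSanitize, textContent)) {`. processTextNodes begins and continues outside the hunk.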
|
|
@ -63,9 +62,9 @@ function processTextNodes(node, event, emitter) {
|
|
|
}
|
}
|
}
|
}
|
|
|
}
|
}
|
|
|
|
|
/**
|
/**
|
Parse a JSON ML tree, using registered handlers to adjust it if necessary.
|
Parse a JSON ML tree, using registered handlers to adjust it if necessary.
|
|
|
|
@ -96,7 +95,7 @@ function parseTree(tree, path, insideCounts) {
|
|
|
insideCounts[tagName] = (insideCounts[tagName] || 0) + 1;
|
insideCounts[tagName] = (insideCounts[tagName] || 0) + 1;
|
|
|
if (n && n.length === 2 && n[0] === "p" && /^<!--([\s\S]*)-->$/m.exec(n[1])) {
|
if (n && n.length === 2 && n[0] === "p" && /^<!--([\s\S]*)-->$/.exec(n[1])) {
|
// Remove paragraphs around comment-only nodes.
|
// Remove paragraphs around comment-only nodes.
|
tree[i] = n[1];
|
tree[i] = n[1];
|
} else {
|
} else {
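Review bot: Dropping the `m` flag stops `^` and `$` from matching at interior line breaks, but `[\s\S]*` is still greedy and unrestricted, so a paragraph that merely begins with `<!--` and ends with `-->` — for example `<!-- --><img src=x onerror=alert(1)><!-- -->` — still satisfies `/^<!--([\s\S]*)-->$/`, and `tree[i] = n[1]` then passes the whole string through as if it were a single comment, presumably skipping the sanitizer the same way the fixed `\n<!-- -->` case did. Whether the parser leaves such input as one string in `n[1]` cannot be seen from this hunk, but the guard should not depend on that; refuse any `-->` inside the body: `if (n && n.length === 2 && n[0] === "p" && /^<!--((?:(?!-->)[\s\S])*)-->$/.exec(n[1])) {`. A comment stating the invariant would also help the next reader, e.g. `// Must match exactly one complete comment; a '-->' inside the body would let arbitrary markup ride along unsanitized.` parseTree starts and ends outside the hunk.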
|
|
|
|
@ -354,6 +354,8 @@ test("sanitize", function() {
|
equal(sanitize("<canvas>draw me!</canvas>"), "draw me!");
|
equal(sanitize("<canvas>draw me!</canvas>"), "draw me!");
|
|
|
cooked("[the answer](javascript:alert(42))", "<p><a>the answer</a></p>", "it prevents XSS");
|
cooked("[the answer](javascript:alert(42))", "<p><a>the answer</a></p>", "it prevents XSS");
|
|
|
|
cooked("<i class=\"fa fa-bug fa-spin\" style=\"font-size:600%\"></i>\n<!-- -->", "<p><i></i><br/><!-- --></p>", "it doesn't circumvent XSS with comments");
|
});
|
});
|
|
|
test("URLs in BBCode tags", function() {
|
test("URLs in BBCode tags", function() {
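Review bot: The new `cooked(...)` regression test pins only the shape the commit fixes — markup, a newline, then a trailing comment — so a comment-detection regex that still accepts a paragraph bookended by two comments as one comment would pass this suite unchanged. Add a sibling case that feeds `<!-- --><img src=x onerror=alert(1)><!-- -->` through `cooked(...)` and asserts the output carries no `onerror` attribute; the exact expected markup for the `<img>` depends on the sanitizer's attribute allowlist, which is not visible from this hunk, so assert on the absence of the handler rather than on a guessed full string. A one-line comment on the new test saying why the `\n<!-- -->` suffix matters (`// the 'm' flag used to let '^'/'$' match the second line, so the whole paragraph was treated as a comment`) would keep the intent from being lost if the test is later reformatted.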
|
|
|