Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: XSS in markdown converter.

This commit is contained in:
Robin Ward 2014-04-28 14:43:49 -04:00
parent 495f78f574
commit ba683bc611
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/assets/javascripts/discourse/dialects/dialect.js
View File

@ -42,7 +42,6 @@ function processTextNodes(node, event, emitter) {
for (var j=1; j<node.length; j++) {
var textContent = node[j];
if (typeof textContent === "string") {
if (dialect.options.sanitize && !skipSanitize[textContent]) {
textContent = Discourse.Markdown.sanitize(textContent);
}
@ -63,9 +62,9 @@ function processTextNodes(node, event, emitter) {
}
}
}
/**
Parse a JSON ML tree, using registered handlers to adjust it if necessary.
@ -96,7 +95,7 @@ function parseTree(tree, path, insideCounts) {
insideCounts[tagName] = (insideCounts[tagName] || 0) + 1;
if (n && n.length === 2 && n[0] === "p" && /^<!--([\s\S]*)-->$/m.exec(n[1])) {
if (n && n.length === 2 && n[0] === "p" && /^<!--([\s\S]*)-->$/.exec(n[1])) {
// Remove paragraphs around comment-only nodes.
tree[i] = n[1];
} else {

2
test/javascripts/lib/markdown_test.js
View File

@ -354,6 +354,8 @@ test("sanitize", function() {
equal(sanitize("<canvas>draw me!</canvas>"), "draw me!");
cooked("[the answer](javascript:alert(42))", "<p><a>the answer</a></p>", "it prevents XSS");
cooked("<i class=\"fa fa-bug fa-spin\" style=\"font-size:600%\"></i>\n<!-- -->", "<p><i></i><br/>&lt;!-- --&gt;</p>", "it doesn't circumvent XSS with comments");
});
test("URLs in BBCode tags", function() {