Fix markdown_render function #1049

merged 1 commit into from Apr 12, 2019



dr3dd589 commented Apr 12, 2019

Fix markdown_render function that was executing a markdown JavaScript payload.
e.g.: `[xss](javascript:window.onerror=alert;throw%20document.cookie)`

  • Your code is flake8 compliant (DefectDojo's code isn't currently flake8 compliant, but we're trying to correct that.)
  • If this is a new feature and not a bug fix, you've included the proper documentation in the ReadTheDocs documentation folder, or provide feature documentation in the PR.
  • Model changes should include the necessary migrations in the dojo/dd_migrations folder.
  • Add applicable tests to the unit tests.
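
The payload above is a markdown link whose target uses the `javascript:` scheme. As an added example (not the code from this PR or from DefectDojo), here is one way to allow-list link schemes when turning inline markdown links into HTML; `ALLOWED_SCHEMES`, `normalize`, `is_safe_href` and `render_links` are hypothetical names, and the scheme policy is an assumption.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumed policy, not DefectDojo's
_SCHEME = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")
_LINK = re.compile(r"\[([^\]]*)\]\(([^)\s]*)\)")  # inline [text](target) only
_C0_AND_SPACE = "".join(map(chr, range(0x21)))


def normalize(url):
    """Apply the clean-up a browser performs before it reads the scheme."""
    url = html.unescape(url)              # character references are decoded
    url = url.strip(_C0_AND_SPACE)        # leading/trailing C0 controls and space
    return re.sub(r"[\t\n\r]", "", url)   # tab and newline are dropped anywhere


def is_safe_href(url):
    """True for relative targets and for allow-listed schemes only."""
    m = _SCHEME.match(normalize(url))
    if m is None:
        return True  # relative path, query or fragment: no scheme present
    return m.group(1).lower() in ALLOWED_SCHEMES


def render_links(md):
    """Render inline links; escape everything else; unsafe targets lose the link."""
    out, pos = [], 0
    for m in _LINK.finditer(md):
        out.append(html.escape(md[pos:m.start()]))
        text, href = html.escape(m.group(1)), m.group(2)
        if is_safe_href(href):
            out.append('<a href="{}" rel="noopener noreferrer">{}</a>'.format(
                html.escape(href, quote=True), text))
        else:
            out.append(text)  # keep the visible text, drop the target
        pos = m.end()
    out.append(html.escape(md[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Payload quoted in the PR description
    print(render_links(
        "[xss](javascript:window.onerror=alert;throw%20document.cookie)"))
    print(render_links("[docs](https://example.com/a?b=1&c=2)"))  # constructed
```
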


aaronweaver commented Apr 12, 2019

Thanks for the PR @dr3dd589!

@aaronweaver aaronweaver merged commit a395c82 into DefectDojo:dev Apr 12, 2019
4 checks passed
AccessLint Review complete
continuous-integration/travis-ci/pr The Travis CI build passed
security/snyk - components/package.json (aaronweaver (GitHub marketplace)) No new issues
security/snyk - requirements.txt (aaronweaver (GitHub marketplace)) No new issues
@dr3dd589 dr3dd589 deleted the dr3dd589:fix_markdown branch Apr 13, 2019


propersam commented May 13, 2019

Wow, awesome job @dr3dd589. I learnt new ideas from here. 👍
