Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Previewers: Fixed XSS #2506

Merged
merged 1 commit into from Aug 6, 2020
Merged

Conversation

@RunDevelopment
Copy link
Member

@RunDevelopment RunDevelopment commented Aug 6, 2020

This fixes an XSS vulnerability discovered and fixed by Masato Kinugawa.

This pull is just an implementation of his/her fix.


The url() function will resolve URL fragments, so so the location.href is unnecessary.

@RunDevelopment RunDevelopment merged commit 8bba488 into PrismJS:master Aug 6, 2020
1 check passed
@RunDevelopment RunDevelopment deleted the previewers-xss branch Aug 6, 2020
quentinvernot added a commit to TankerHQ/prismjs that referenced this issue Sep 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

1 participant