Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

uriish? helper should only consult start of string #4357

Closed
mojavelinux opened this issue Sep 23, 2022 · 1 comment
Closed

uriish? helper should only consult start of string #4357

mojavelinux opened this issue Sep 23, 2022 · 1 comment
Assignees
@mojavelinux
Labels
bug v2.0.18 Issues resolved in the 2.0.18 release
Milestone
v2.0.x

Comments

@mojavelinux
Copy link
Member

Currently, the uriish? helper looks for the signature of a URI at the start of any line in the string. This can lead to a confusing message in cases when the author did not intend for the string to be treated as a URI. The method should only check the first line (the start of the string) since that's the only way the string could be a valid URI.
@mojavelinux mojavelinux added this to the v2.0.x milestone Sep 23, 2022
@mojavelinux mojavelinux self-assigned this Sep 23, 2022
@mojavelinux mojavelinux changed the title uriish? helper should only check start of string uriish? helper should only consult start of string Sep 23, 2022
mojavelinux added a commit to mojavelinux/asciidoctor that referenced this issue Sep 23, 2022
@mojavelinux
resolves asciidoctor#4357 fix internal uriish? helper so it only dete…
7e3e519 
…cts a URI pattern at the start of a string (GHSL-2022-084)
mojavelinux added a commit to mojavelinux/asciidoctor that referenced this issue Sep 23, 2022
@mojavelinux
resolves asciidoctor#4357 change internal uriish? to only detect a UR…
93522cc 
…I pattern at start of string (GHSL-2022-084)
@mojavelinux mojavelinux added the v2.0.18 Issues resolved in the 2.0.18 release label Sep 23, 2022
@mojavelinux
Copy link
Member Author

Credit to the GitHub Security Team for bringing this issue to our attention (GHSL-2022-084).

mojavelinux added a commit that referenced this issue Sep 24, 2022
@mojavelinux
backport fix for #4357 change internal uriish? to only detect a URI p…
c1b6e36 
…attern at start of string (GHSL-2022-084)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mojavelinux mojavelinux

Labels
bug v2.0.18 Issues resolved in the 2.0.18 release
Projects
None yet
Milestone
v2.0.x
Development

No branches or pull requests
1 participant
@mojavelinux