Improve runkit tag's sanitization (#1798)

forem · Feb 13, 2019 · 48de217 · 48de217
1 parent 49e3878
commit 48de217
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/app/liquid_tags/runkit_tag.rb b/app/liquid_tags/runkit_tag.rb
@@ -1,7 +1,7 @@
 class RunkitTag < Liquid::Block
   def initialize(tag_name, markup, tokens)
     super
-    @preamble = ActionView::Base.full_sanitizer.sanitize(markup, tags: [])
+    @preamble = sanitized_preamble(markup)
   end
 
   def render(context)
@@ -64,6 +64,16 @@ def self.script
       }, 200);
     JAVASCRIPT
   end
+
+  def sanitized_preamble(markup)
+    raise StandardError, "Runkit tag is invalid" if markup.ends_with? "\">"
+
+    sanitized = ActionView::Base.full_sanitizer.sanitize(markup, tags: [])
+
+    raise StandardError, "Runkit tag is invalid" if markup.starts_with? "\""
+
+    sanitized
+  end
 end
 
 Liquid::Template.register_tag("runkit", RunkitTag)