
renderer link not escaped #80

Closed
zTrix opened this Issue Nov 19, 2015 · 3 comments


zTrix commented Nov 19, 2015

>>> markdown('**blah** [asdfasdf](blasdfh">)')
'<p><strong>blah</strong> <a href="blasdfh">">asdfasdf</a></p>\n'

github rendered:

blah asdfasdf afd

qll commented Feb 23, 2016

Just for the sake of completeness, here is an actual XSS vector using JavaScript (avoiding the parentheses by using templates)

>>> mistune.markdown('[text]("><script>alert`1`</script>)')
'<p><a href=""><script>alert`1`</script>">text</a></p>\n'
qll commented Feb 23, 2016

@nitely found out that the same problem appears in images, too. This could be moved to an own issue or be collected in here, but that's your call.

>>> mistune.markdown('![text]("><script>alert`1`</script>)')
'<p><img src=""><script>alert`1`</script>" alt="text"></p>\n'
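The two reports above (link href and image src) share one root cause: the destination is written into a double-quoted attribute without attribute escaping, so a `"` in it closes the attribute and whatever follows lands in the markup. The following is an added example, not mistune's code and not from anyone in this thread; it uses a hypothetical toy parser for `[text](dest)` / `![alt](dest)` to reproduce the exact outputs quoted above and to show the fix (`html.escape(..., quote=True)` on the attribute value). The scheme allowlist in `safe_url` goes beyond the quoting bug reported here: it is the usual companion check, since a `javascript:` destination needs no quote at all to execute.

```python
import html
import re

# Payloads reported in this issue (constructed inputs for this example,
# copied from the comments above).
LINK_PAYLOAD = '[text]("><script>alert`1`</script>)'
IMAGE_PAYLOAD = '![text]("><script>alert`1`</script>)'

# Toy inline syntax for [text](dest) and ![alt](dest). This is a hypothetical
# stand-in written for the example, not mistune's own grammar or renderer.
INLINE_RE = re.compile(r'(!?)\[([^\]]*)\]\(([^)]*)\)')

# Schemes a destination may carry; relative URLs (no scheme) are also accepted.
# This allowlist is an added check beyond the quoting bug in the issue.
SAFE_SCHEMES = {'http', 'https', 'mailto'}
SCHEME_RE = re.compile(r'^([a-z][a-z0-9+.-]*):', re.IGNORECASE)


def render_unsafe(md: str) -> str:
    """Reproduce the defect above: the destination is interpolated into the
    attribute verbatim, so a '"' inside it terminates the attribute early."""
    def sub(m):
        is_image, text, dest = m.group(1) == '!', m.group(2), m.group(3)
        text = html.escape(text)          # text is escaped; dest is not
        if is_image:
            return '<img src="%s" alt="%s">' % (dest, text)
        return '<a href="%s">%s</a>' % (dest, text)
    return '<p>%s</p>\n' % INLINE_RE.sub(sub, md)


def escape_attr(value: str) -> str:
    """Escape for an HTML attribute value. quote=True is the part that matters
    here: it turns '"' into &quot; so the value cannot close the attribute."""
    return html.escape(value, quote=True)


def safe_url(dest: str) -> str:
    """Drop destinations whose scheme is not allowlisted. ASCII control
    characters and whitespace are stripped before matching because browsers
    ignore them inside a URL, so a tab inside 'javascript:' would otherwise
    slip past the check."""
    compact = ''.join(ch for ch in dest if ord(ch) > 0x20)
    m = SCHEME_RE.match(compact)
    if m and m.group(1).lower() not in SAFE_SCHEMES:
        return ''
    return dest


def render_safe(md: str) -> str:
    """Hardened counterpart: allowlist the URL, then attribute-escape it."""
    def sub(m):
        is_image, text, dest = m.group(1) == '!', m.group(2), m.group(3)
        text = html.escape(text)
        dest = escape_attr(safe_url(dest))
        if is_image:
            return '<img src="%s" alt="%s">' % (dest, text)
        return '<a href="%s">%s</a>' % (dest, text)
    return '<p>%s</p>\n' % INLINE_RE.sub(sub, md)


def breaks_out(rendered: str) -> bool:
    """Crude check used here: does a raw <script tag appear in the markup?"""
    return '<script' in rendered


if __name__ == '__main__':
    for payload in (LINK_PAYLOAD, IMAGE_PAYLOAD):
        unsafe, safe = render_unsafe(payload), render_safe(payload)
        print('unsafe:', repr(unsafe), 'script escapes attribute:', breaks_out(unsafe))
        print('safe:  ', repr(safe), 'script escapes attribute:', breaks_out(safe))
```

`render_unsafe` returns byte-for-byte the two strings quoted in the comments above; `render_safe` keeps the whole payload inside the attribute as `&quot;&gt;&lt;script&gt;...`, which the browser decodes back into an inert (and useless) URL rather than markup. Note that `breaks_out` is only a spot check for this payload, not a general HTML sanitiser; the actual fix is the escaping at the attribute boundary.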
Kingwl commented Oct 18, 2017

it's very helpful to me!
