Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

micromark crashes on invalid URI #19

Closed
ChristianMurphy opened this issue Sep 17, 2020 · 1 comment
Closed

micromark crashes on invalid URI #19

ChristianMurphy opened this issue Sep 17, 2020 · 1 comment
Labels
🗄 area/interface This affects the public interface 💪 phase/solved Post is done 👶 semver/patch This is a backwards-compatible fix 🐛 type/bug This is a problem

Comments

@ChristianMurphy
Copy link
Member

ChristianMurphy commented Sep 17, 2020
edited

Subject of the issue

Some malformed URL can crash micromark

Your environment

  • OS: Ubuntu 16
  • Packages: micromark 2.6.0
  • Env: Node 14

Steps to reproduce

var micromark = require('micromark')

console.log(micromark('[](<%>)'))

originally detected with #18, credit to @wooorm for a more minimal repro

Expected behavior

<p><a href="%25"></a></p>

Actual behavior

URIError: URI malformed
    at decodeURI (<anonymous>)
    at normalizeUri (micromark/dist/util/normalize-uri.js:1:1040)
    at url (micromark/dist/compile/html.js:1:54303)
    at Object.onexitmedia (micromark/dist/compile/html.js:1:61812)
    at done (micromark/dist/compile/html.js:1:50389)
    at compile (micromark/dist/compile/html.js:1:48534)
    at buffer (micromark/dist/index.js:1:2192)
    at Worker.fuzz [as fn] (micromark/fuzzer.js:1:1781)
    at process.<anonymous> (micromark/node_modules/jsfuzz/build/src/worker.js:63:30)
@ChristianMurphy ChristianMurphy added 🐛 type/bug This is a problem 🙉 open/needs-info This needs some more info labels Sep 17, 2020
@ChristianMurphy ChristianMurphy changed the title URIError: URI malformed micromark crashes on invalid URI Sep 17, 2020
@wooorm wooorm closed this as completed in 0873e9e Sep 18, 2020
@wooorm
Copy link
Member

wooorm commented Sep 18, 2020

Well, that was an interesting deep-dive into uris! Fixed!

@wooorm wooorm added ⛵️ status/released 👶 semver/patch This is a backwards-compatible fix 🗄 area/interface This affects the public interface and removed 🙉 open/needs-info This needs some more info labels Sep 18, 2020
@wooorm wooorm added the 💪 phase/solved Post is done label Apr 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🗄 area/interface This affects the public interface 💪 phase/solved Post is done 👶 semver/patch This is a backwards-compatible fix 🐛 type/bug This is a problem
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wooorm @ChristianMurphy