fix xss vulnerability in mathjax parsing

woodwardoge · Apr 12, 2011 · 17dcde1 · 17dcde1
1 parent d3594f6
commit 17dcde1
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/lib/gollum/markup.rb b/lib/gollum/markup.rb
@@ -74,12 +74,14 @@ def doc_to_html(doc)
     # Returns the placeholder'd String data.
     def extract_tex(data)
       data.gsub(/\\\[\s*(.*?)\s*\\\]/m) do
-        id = Digest::SHA1.hexdigest($1)
-        @texmap[id] = [:block, $1]
+        tag = CGI.escapeHTML($1)
+        id  = Digest::SHA1.hexdigest(tag)
+        @texmap[id] = [:block, tag]
         id
       end.gsub(/\\\(\s*(.*?)\s*\\\)/m) do
-        id = Digest::SHA1.hexdigest($1)
-        @texmap[id] = [:inline, $1]
+        tag = CGI.escapeHTML($1)
+        id  = Digest::SHA1.hexdigest(tag)
+        @texmap[id] = [:inline, tag]
         id
       end
     end