Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Renderers should consider relative links safe #72

Closed
codyrobbins opened this Issue Nov 23, 2011 · 0 comments

Comments

Projects
None yet
2 participants
Contributor

codyrobbins commented Nov 23, 2011

Problem

Unless there’s some edge cases I’m not thinking off—which there might be—I think renderers should consider links to relative URLs to be safe.

Example

Given

renderer  = Redcarpet::Render::HTML.new(safe_links_only: true)
redcarpet = Redcarpet::Markdown.new(renderer)

then

redcarpet.render('[Foo](/foo)')

won’t render a link, but

redcarpet.render('[Foo](http://example.com/foo)')

will render one.

Solution

Change this code to include '/'.

codyrobbins added a commit to codyrobbins/redcarpet that referenced this issue Nov 23, 2011

codyrobbins added a commit to codyrobbins/redcarpet that referenced this issue Nov 23, 2011

vmg added a commit that referenced this issue Nov 26, 2011

@robin850 robin850 closed this May 8, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment