FIX: double-escaped single quotes in URLs

Jens Maier 2014-09-18 22:00:34 +02:00
parent da91ab25cf
commit 543bc53598
2 changed files with 2 additions and 2 deletions


@ -166,7 +166,7 @@ Discourse.Markdown = {
var url = typeof(uri) === "string" ? uri : uri.toString();
// escape single quotes
url = url.replace(/'/g, "'");
url = url.replace(/'/g, "%27");
// whitelist some iframe only
if (hints && hints.XML_TAG === "iframe" && hints.XML_ATTR === "src") {
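Review bot: The comment above the replace still reads only `// escape single quotes`, which does not say why the percent-encoded form is used instead of an HTML entity, so the entity form this commit removes could easily be reintroduced; suggest `// percent-encode single quotes (%27, not an HTML entity) so a URL cannot close a single-quoted attribute and is not double-escaped by the later HTML encoding`. The replace covers only `'`; whether `"`, `<`, `>` or whitespace in the URL are neutralised elsewhere is not visible in this hunk and is worth confirming against the sanitizer that consumes this value. The enclosing function in Discourse.Markdown starts and ends outside the hunk.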


@ -458,7 +458,7 @@ test("urlAllowed", function() {
allowed("//eviltrout.com/evil/trout", "allows protocol relative urls");
equal(urlAllowed("http://google.com/test'onmouseover=alert('XSS!');//.swf"),
"http://google.com/test'onmouseover=alert('XSS!');//.swf",
"http://google.com/test%27onmouseover=alert(%27XSS!%27);//.swf",
"escape single quotes");
});
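Review bot: The updated assertion checks only that a raw `'` becomes `%27`; nothing guards against the regression this commit fixes, namely an already-encoded URL being escaped a second time. A case such as `equal(urlAllowed("http://google.com/test%27"), "http://google.com/test%27", "does not double-encode");` would pin that down, assuming urlAllowed leaves `%` untouched, which this hunk does not show. The test function starts outside the hunk.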