github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-17 04:42:31 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: sanitize markdown urls (prevent XSS)

Browse Source
This commit is contained in:
Régis Hanol
2014-03-27 15:34:35 +01:00
parent d5b1b64bb8
commit e663d78104
2 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/javascripts/lib/markdown_test.js
View File

@ -352,6 +352,8 @@ test("sanitize", function() {
equal(sanitize("<textarea>hullo</textarea>"), "hullo");
equal(sanitize("<button>press me!</button>"), "press me!");
equal(sanitize("<canvas>draw me!</canvas>"), "draw me!");
cooked("[the answer](javascript:alert(42))", "<p><a>the answer</a></p>", "it prevents XSS");
});
test("URLs in BBCode tags", function() {