Fix xss for Markdown elements where [[_TOC_]] is enabled
parent
fb08183e63
commit
00c68e1b03
@ -0,0 +1,5 @@
---
title: Fix XSS vulnerability for table of content generation
merge_request:
author:
type: security
@ -92,7 +92,7 @@ module Banzai
def text
def text
return '' unless node
return '' unless node
@text ||= node.text
@text ||= EscapeUtils.escape_html(node.text)
end
end
private
private
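Review bot: Escaping inside the memoized `text` accessor changes the value every caller of `text` receives, not only the one that interpolates it into the TOC markup; if the header's anchor id or href is derived from `text` (that code is outside this hunk), headers containing `&`, `<` or `"` will now yield ids built from entity-encoded text such as `&amp;`, and any caller that assigns the value through a Nokogiri `content=` will double-escape it on serialization. Escaping at the single point where the string is interpolated into HTML keeps `text` a plain-text value and makes the trust boundary visible; if the accessor is kept as the escaping point, rename it or document the contract, e.g. `# Returns the header text HTML-escaped: it is interpolated into the TOC markup as raw HTML, so callers must not escape it again.` The class enclosing `text` starts before this hunk, so I cannot confirm which other callers exist.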
@ -139,5 +139,14 @@ describe Banzai::Filter::TableOfContentsFilter do
expect(items[5].ancestors).to include(items[4])
expect(items[5].ancestors).to include(items[4])
end
end
end
end
context 'header text contains escaped content' do
let(:content) { '<img src="x" onerror="alert(42)">' }
let(:results) { result(header(1, content)) }
it 'outputs escaped content' do
expect(doc.inner_html).to include(content)
end
end
end
end
end
end
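Review bot: The assertion `expect(doc.inner_html).to include(content)` cannot tell escaped output from a live element when `content` is the raw `<img src="x" onerror="alert(42)">` string shown here, because an actual `<img>` element in the output serializes to that same string and the test would pass against the unfixed filter too. If the page has decoded entities and `content` is really `&lt;img src="x" onerror="alert(42)"&gt;`, the positive check is meaningful but still benefits from a negative one. I would add `expect(doc.inner_html).not_to include('<img')` next to it, and assert on the generated TOC markup rather than the whole document if `doc` (defined outside this hunk, presumably from `results`) also contains the original header. The `header`/`result` helpers and the outer `describe` begin outside the hunk.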