Fix xss for Markdown elements where [[_TOC_]] is enabled
This commit is contained in:
parent
fb08183e63
commit
00c68e1b03
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Fix XSS vulnerability for table of content generation
|
||||
merge_request:
|
||||
author:
|
||||
type: security
|
|
@ -92,7 +92,7 @@ module Banzai
|
|||
def text
|
||||
return '' unless node
|
||||
|
||||
@text ||= node.text
|
||||
@text ||= EscapeUtils.escape_html(node.text)
|
||||
end
|
||||
|
||||
private
|
||||
|
|
|
@ -139,5 +139,14 @@ describe Banzai::Filter::TableOfContentsFilter do
|
|||
expect(items[5].ancestors).to include(items[4])
|
||||
end
|
||||
end
|
||||
|
||||
context 'header text contains escaped content' do
|
||||
let(:content) { '<img src="x" onerror="alert(42)">' }
|
||||
let(:results) { result(header(1, content)) }
|
||||
|
||||
it 'outputs escaped content' do
|
||||
expect(doc.inner_html).to include(content)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue