-
-
Notifications
You must be signed in to change notification settings - Fork 373
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security] bad url bypass, could lead to XSS #332
Comments
Thanks for the issue. Would you want to do a pull request? |
Closes jonschlinkert#332 The code here is very similar to other markdown libraries, so I pretty much did what they do: - https://github.com/npm/marky-markdown/blob/008509231558765695938020a376b5b2e4fd4fcc/lib/gfm/override-link-destination-parser.js#L67 - https://github.com/markdown-it/markdown-it/blob/ba6830ba13fb92953a91fb90318964ccd15b82c4/lib/helpers/parse_link_destination.js#L53
Closes jonschlinkert#332 The code here is very similar to other markdown libraries, so I pretty much did what they do: - https://github.com/npm/marky-markdown/blob/008509231558765695938020a376b5b2e4fd4fcc/lib/gfm/override-link-destination-parser.js#L67 - https://github.com/markdown-it/markdown-it/blob/ba6830ba13fb92953a91fb90318964ccd15b82c4/lib/helpers/parse_link_destination.js#L53
Closes jonschlinkert#332 The code here is very similar to other markdown libraries, so I pretty much did what they do: - https://github.com/npm/marky-markdown/blob/008509231558765695938020a376b5b2e4fd4fcc/lib/gfm/override-link-destination-parser.js#L67 - https://github.com/markdown-it/markdown-it/blob/ba6830ba13fb92953a91fb90318964ccd15b82c4/lib/helpers/parse_link_destination.js#L53
Closes jonschlinkert#332 The code here is very similar to other markdown libraries, so I pretty much did what they do: - https://github.com/npm/marky-markdown/blob/008509231558765695938020a376b5b2e4fd4fcc/lib/gfm/override-link-destination-parser.js#L67 - https://github.com/markdown-it/markdown-it/blob/ba6830ba13fb92953a91fb90318964ccd15b82c4/lib/helpers/parse_link_destination.js#L53
This triggered a GitHub security vulnerability notification in one of my repos today. Any chance that this can get fixed and republished? |
helper-markdown depends on remarkable which has unfixed security issue jonschlinkert/remarkable#332
helper-markdown depends on remarkable which has unfixed security issue jonschlinkert/remarkable#332
Still not fixed. But why this snippet does not produce the expected issue ? Tried using @trichimtrich's code and #227. None of them work on Firefox.
|
The xss one works for me in Safari but not in Chrome. There is likely something in Chrome preventing such an attack? The first one doesn't work for me on the demo page, because it is turned into the URL https://jonschlinkert.github.io/x0ejavascript:alert(1) which then returns a 404 (not sure why). I am therefore not sure if it can be proved through the demo page... |
@sundowndev there are two CVEs open currently:
Both these issues were raised based on calling I think I was able to replicate both these issues by using:
The comment line makes the demo page hang if I turn the "html" flag on. |
Closes jonschlinkert#332 The code here is very similar to other markdown libraries, so I pretty much did what they do: - https://github.com/npm/marky-markdown/blob/008509231558765695938020a376b5b2e4fd4fcc/lib/gfm/override-link-destination-parser.js#L67 - https://github.com/markdown-it/markdown-it/blob/ba6830ba13fb92953a91fb90318964ccd15b82c4/lib/helpers/parse_link_destination.js#L53
Closes jonschlinkert#332 The code here is very similar to other markdown libraries, so I pretty much did what they do: - https://github.com/npm/marky-markdown/blob/008509231558765695938020a376b5b2e4fd4fcc/lib/gfm/override-link-destination-parser.js#L67 - https://github.com/markdown-it/markdown-it/blob/ba6830ba13fb92953a91fb90318964ccd15b82c4/lib/helpers/parse_link_destination.js#L53
Closes #332 The code here is very similar to other markdown libraries, so I pretty much did what they do: - https://github.com/npm/marky-markdown/blob/008509231558765695938020a376b5b2e4fd4fcc/lib/gfm/override-link-destination-parser.js#L67 - https://github.com/markdown-it/markdown-it/blob/ba6830ba13fb92953a91fb90318964ccd15b82c4/lib/helpers/parse_link_destination.js#L53
Closes #332 The code here is very similar to other markdown libraries, so I pretty much did what they do: - https://github.com/npm/marky-markdown/blob/008509231558765695938020a376b5b2e4fd4fcc/lib/gfm/override-link-destination-parser.js#L67 - https://github.com/markdown-it/markdown-it/blob/ba6830ba13fb92953a91fb90318964ccd15b82c4/lib/helpers/parse_link_destination.js#L53
Closes jonschlinkert/remarkable#332 The code here is very similar to other markdown libraries, so I pretty much did what they do: - https://github.com/npm/marky-markdown/blob/008509231558765695938020a376b5b2e4fd4fcc/lib/gfm/override-link-destination-parser.js#L67 - https://github.com/markdown-it/markdown-it/blob/ba6830ba13fb92953a91fb90318964ccd15b82c4/lib/helpers/parse_link_destination.js#L53
Hi, check out this reported issue
#227
Im able to bypass the bad url check, implemented here
https://github.com/jonschlinkert/remarkable/blob/master/lib/parser_inline.js#L146
It will generate output like this
Which could pop up an alert when user clicks into it.
Fix: maybe we can strip unprintable character around the url scheme?
The text was updated successfully, but these errors were encountered: