projects / buildroot.git / blob
? search:


ee980e22e828ba87af72743b6e5d638f857c1a3a
[buildroot.git] /
1 From 9144d0fc5d5249cc4d81287ee79091806e6dde52 Mon Sep 17 00:00:00 2001
2 From: Gareth Simpson <gareth.simpson@zoodigital.com>
3 Date: Fri, 1 May 2020 19:31:21 +0100
4 Subject: [PATCH] Fix for issue 348 - incomplete tags with punctuation after as
5 part of the tag name are a source of XSS
6
7 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
8 [Retrieved from:
9 https://github.com/trentm/python-markdown2/commit/9144d0fc5d5249cc4d81287ee79091806e6dde52]
10 ---
11 lib/markdown2.py | 2 +-
12 test/tm-cases/issue348_incomplete_tag.html | 1 +
13 test/tm-cases/issue348_incomplete_tag.opts | 1 +
14 test/tm-cases/issue348_incomplete_tag.text | 1 +
15 4 files changed, 4 insertions(+), 1 deletion(-)
16 create mode 100644 test/tm-cases/issue348_incomplete_tag.html
17 create mode 100644 test/tm-cases/issue348_incomplete_tag.opts
18 create mode 100644 test/tm-cases/issue348_incomplete_tag.text
19
20 diff --git a/lib/markdown2.py b/lib/markdown2.py
21 index 3a5d5d9..636bf07 100755
22 --- a/lib/markdown2.py
23 +++ b/lib/markdown2.py
24 @@ -2164,7 +2164,7 @@ def _encode_amps_and_angles(self, text):
25 text = self._naked_gt_re.sub('&gt;', text)
26 return text
27
28 - _incomplete_tags_re = re.compile("<(/?\w+[\s/]+?)")
29 + _incomplete_tags_re = re.compile("<(/?\w+?(?!://).?[\s/]+?)")
30
31 def _encode_incomplete_tags(self, text):
32 if self.safe_mode not in ("replace", "escape"):
33 diff --git a/test/tm-cases/issue348_incomplete_tag.html b/test/tm-cases/issue348_incomplete_tag.html
34 new file mode 100644
35 index 0000000..46059cc
36 --- /dev/null
37 +++ b/test/tm-cases/issue348_incomplete_tag.html
38 @@ -0,0 +1 @@
39 +<p>&lt;lol@/ //id="pwn"//onclick="alert(1)"//<strong>abc</strong></p>
40 diff --git a/test/tm-cases/issue348_incomplete_tag.opts b/test/tm-cases/issue348_incomplete_tag.opts
41 new file mode 100644
42 index 0000000..ad487c0
43 --- /dev/null
44 +++ b/test/tm-cases/issue348_incomplete_tag.opts
45 @@ -0,0 +1 @@
46 +{"safe_mode": "escape"}
47 diff --git a/test/tm-cases/issue348_incomplete_tag.text b/test/tm-cases/issue348_incomplete_tag.text
48 new file mode 100644
49 index 0000000..bb4a0de
50 --- /dev/null
51 +++ b/test/tm-cases/issue348_incomplete_tag.text
52 @@ -0,0 +1 @@
53 +<lol@/ //id="pwn"//onclick="alert(1)"//**abc**