[CVE-2024-51735/GHSA-wvv7-wm5v-w2gv] Fix XSS In Markdown Resolver
adrianosela committed Dec 10, 2024
1 parent 815c261 commit 191538b
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions core/markdown.go
@@ -2,6 +2,7 @@ package core

import (
"path"
"text/template"

"fmt"
"os"
Expand Down Expand Up @@ -111,6 +112,7 @@ func (r *Runner) ResolveContentSrc(tag string) string {
}

if strings.Contains(tag, "shorten=true") || len(fileContent) > r.Opt.MDCodeBlockLimit {
fileContent = template.HTMLEscapeString(fileContent) // sanitize file content to prevent XSS
return extendTag(fileContent)
}
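Review bot: The escaping is applied only inside the `shorten=true` / over-`MDCodeBlockLimit` branch, so any return path of ResolveContentSrc that falls through this `if` still hands `fileContent` on unescaped. Those paths lie outside the hunk, so it cannot be confirmed from here that they reach HTML only through a renderer that escapes on its own. If they do not, hoist the call above the condition. If they do, say so in a comment such as `// non-shortened content is escaped by the markdown renderer; only the extendTag path emits raw HTML`. The length comparison runs on the unescaped string, which keeps the limit's meaning unchanged, but `extendTag` now receives entity-expanded text, so any truncation it performs (not visible here) could cut an entity such as `&lt;` in half. As a smaller point, `html.EscapeString` from the `html` package would avoid importing `text/template` just for escaping, and would not be mistaken for use of the non-escaping template engine in an HTML context. A regression test that resolves a file containing `<script>` and asserts the output contains `&lt;script&gt;` would pin the fix for this advisory.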
