[CVE-2024-51735/GHSA-wvv7-wm5v-w2gv] Fix XSS In Markdown Resolver
adrianosela committed Dec 10, 2024
1 parent 815c261 commit addb487
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions core/markdown.go
Expand Up @@ -2,6 +2,7 @@ package core

import (
"path"
"text/template"

"fmt"
"os"
Expand Down Expand Up @@ -106,6 +107,9 @@ func (r *Runner) ResolveContentSrc(tag string) string {
fileContent := utils.GetFileContent(match[1])
utils.DebugF("Replace content src: %v", color.GreenString(match[1]))

// sanitize file content to prevent XSS
fileContent = template.HTMLEscapeString(fileContent)

if strings.Contains(tag, "expand=true") {
return "```\n" + fileContent + "```"
}
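Review bot: `template.HTMLEscapeString` does not touch backticks, so a file whose content contains a line of three or more backticks still closes the fence opened by `return "```\n" + fileContent + "```"`, and everything after that line is rendered as Markdown (and as raw HTML, if the renderer permits it) — the new escape only protects characters that stay inside the fence. Inside a fence the escaping is also probably redundant: CommonMark-style renderers escape code-block text themselves, so `<` in the file would now display as the literal `&lt;` — confirm against the renderer in use before deciding whether the `HTMLEscapeString` line stays. A fenced block is only closed by a backtick run at least as long as its opener, so growing the fence past the longest run found in the content, and guaranteeing a trailing newline so the closing fence lands on its own line, contains the content whatever it holds; the sink-side fix (escaping or stripping raw HTML in the Markdown-to-HTML step) is still worth doing, since it also covers output that never goes through a fence. `ResolveContentSrc` starts at the hunk's first context line and its body continues past the hunk, so I cannot see what happens to `fileContent` when `expand=true` is absent.

```go
// … unchanged: GetFileContent / DebugF …
// A fence is closed only by a backtick run at least as long as its opener,
// so pick one longer than any run inside the content; the trailing newline
// keeps the closing fence on its own line.
fence := "```"
for strings.Contains(fileContent, fence) {
	fence += "`"
}
if !strings.HasSuffix(fileContent, "\n") {
	fileContent += "\n"
}
if strings.Contains(tag, "expand=true") {
	return fence + "\n" + fileContent + fence
}
```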
