-
-
Notifications
You must be signed in to change notification settings - Fork 382
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Need help fixing a non-security issue… #214
Comments
What pipeline and filter are you using? |
@jch : See the update. That’s why I can’t figure about the bug. Nor I can even figure how the content is escaped between two disabled HTML tags. |
What is your server implementation? If you're asking about github.com markup, this library is not tied to the site's implementation and you should contact https://github.com/support |
@jch : ok, I thought the library version used by github.com was the same as this public one. Sorry… |
@ytrezq no worries ;) I'm going to close this for now |
Before I submit any pull requests on that page, just need help with a question as I’m unable to reproduce the behaviour locally :
Where is the code responsible for escaping the content between 2 not whitelisted/disabled html tags (I also think to the dependencies) ?
So that :
renders :
<title>[test](https://ww.google.fr)</title> However, doing the same locally :renders :
test
which means :
<a href="https://www.google.fr">test</a>
in plain text.An alternative even trigger contents being escaped twice
<xmp>test</xmp>
finnally there is the <plaintext> tag
<plaintext></plaintext> which while being stripped makes the whole page after it being escaped.
It even escape the final tag of the paragraph. It also can’t be closed
The text was updated successfully, but these errors were encountered: