Need help fixing a non-security issue… #214
Comments
|
What pipeline and filter are you using? |
|
@jch : See the update. That’s why I can’t figure about the bug. Nor I can even figure how the content is escaped between two disabled HTML tags. |
What is your server implementation? If you're asking about github.com markup, this library is not tied to the site's implementation and you should contact https://github.com/support |
|
@jch : ok, I thought the library version used by github.com was the same as this public one. Sorry… |
|
@ytrezq no worries ;) I'm going to close this for now |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Before I submit any pull requests on that page, just need help with a question as I’m unable to reproduce the behaviour locally :
Where is the code responsible for escaping the content between 2 not whitelisted/disabled html tags (I also think to the dependencies) ?
So that :
renders :
<title>[test](https://ww.google.fr)</title> However, doing the same locally :renders :
test
which means :
<a href="https://www.google.fr">test</a>in plain text.An alternative even trigger contents being escaped twice
<xmp>test</xmp>
finnally there is the <plaintext> tag
<plaintext></plaintext> which while being stripped makes the whole page after it being escaped.
It even escape the final tag of the paragraph. It also can’t be closed
The text was updated successfully, but these errors were encountered: