New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
${file} in page causes failure #82
Comments
That's really odd. Can you supply a test case file/snippet? |
I see what you're seeing. It's a bug in templating. It assumes you're giving Markserv a file to include, eg: If no link is supplied the behavior should be to not try and continue loading the file. This fixes your problem: // libs/server.js: 323
file: (url, opts) => new Promise(resolve => {
if (!url) {
return resolve(false)
} Will try to get a fix for this soon. That being said, there's a deeper issue here. Templating should be more solid, and I'm not sure it's actually being used by people. Perhaps it should be turned off by default. Do you use templating? |
Hi, thanks for your reply! (Sorry for not responding earlier, the mail got lost in the "Forum" section of my mail, and I don't see any notifs in github). I did not turn templating on, nor did I turn it off. I don't have a use for templating yet. One would assume anything in a code block is escaped. So maybe parsing template code in a code block should be turned off entirely? I tried common escape characters on ${file}, but though they helped the issue, they did so by showing up in the printed code block. That begs the question how one would make a markdown page about templating 😄 I'll try your solution today or tomorrow! (And afterwards I'll probably turn templating off). |
Your solution works like a charm! For others having the same issue:
|
I have the same problem; I have applied the solution described here and it solved it as well. I am running markserv 1.17.4. I would like to know when this issue is going to be fixed. It's been 1 year now... Thanks. |
Would you like to submit a PR @Max-Z80 ? |
@F1LT3R Sure !
Nothing obvious to me. |
Found out the problem. It was my environment. Turns out that my machine was configured to support localhost on a IPV6 address while my kernel does not support IPV6. |
Thanks @Max-Z80 - I'll take a look this weekend. |
Sorry I didn't finish this yet @Max-Z80 - I've not forgotten you. I ran into issues with Travis no reporting whether tests passed on your PR. I'll try and get back to you in the next few days. |
I have a weird issue. A page wasn't loading, and it turned out to be because of this code block:
More testing:
Does anyone have an idea why this happens? Sounds like possible code injection vulnerability perhaps?
The text was updated successfully, but these errors were encountered: