
Commit

Merge pull request #410 from trentm/nicholasserra-409-redos
Be more strict on auto linking url
nicholasserra committed Oct 16, 2021
2 parents bd707a8 + b634a6d commit 66da6ed
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion lib/markdown2.py
Expand Up @@ -1235,7 +1235,7 @@ def _run_span_gamut(self, text):
\s*/?>
|
# auto-link (e.g., <http://www.activestate.com/>)
<\w+[^>]*>
<[\w~:/?#\[\]@!$&'\(\)*+,;%=\.\\-]+>
|
<!--.*?--> # comment
|
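Review bot: the new auto-link class `[\w~:/?#\[\]@!$&'\(\)*+,;%=\.\\-]+` no longer requires a word character right after `<`, which the old `<\w+[^>]*>` did. Because `!` and `-` are both in the class, a compact comment such as `<!--x-->` can now be matched by this alternative, which sits ahead of the `<!--.*?-->` comment alternative, and punctuation-only tokens like `<:>` also qualify. Consider keeping a leading `\w` (or an explicit scheme prefix) before the class so the auto-link branch only fires on things that start like a URL. The class also admits a literal backslash via `\\`, which is not a URL character; drop it unless something depends on it, and add a short comment beside the pattern saying the class is an allow-list of URL characters, since the inline comment still only shows the `<http://www.activestate.com/>` example.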
2 changes: 1 addition & 1 deletion test/tm-cases/issue341_xss.html
Expand Up @@ -2,4 +2,4 @@
<ftp:<a href="#">[HTML_REMOVED]alert(1);//</a>&gt;<ftp:<a href="#">[HTML_REMOVED]</a>&gt;</p>

<p>Example 2:
<http://g<!s://q?<!-&lt;<a href="http://g">[HTML_REMOVED]alert(1);/*</a>->a><http://g<!s://g.c?<!-&lt;<a href="http://g">a\\*/[HTML_REMOVED]alert(1);/*</a>->a></p>
&lt;http://g<!s://q?<!-&lt;<a href="http://g">[HTML_REMOVED]alert(1);/\*</a>->a>&lt;http://g<!s://g.c?<!-&lt;<a href="http://g">a\\*/[HTML_REMOVED]alert(1);/*</a>->a></p>
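Review bot: in the updated Example 2 expectation the first link text changes from `alert(1);/*` to `alert(1);/\*`, while the second occurrence on the same line stays `alert(1);/*`. The intended effect of the stricter pattern is visible in the `<http://g` to `&lt;http://g` change, but the stray backslash looks like an escape that is no longer being undone rather than a deliberate output change. Please confirm which it is before the fixture locks it in. Separately, the only test touched is the existing issue341_xss expectation; the branch name points at a ReDoS report (409), so a dedicated case with the slow input would guard the actual regression this change targets.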
