Context Navigation

Modify ↓

#14026 closed defect (fixed)

MarkdownMacro renders unsafe content

Reported by:	Cinc-th	Owned by:	Cinc-th
Priority:	highest	Component:	MarkdownMacro
Severity:	normal	Keywords:
Cc:		Trac Release:

Description

The MarkdownMacro currently renders unsafe HTML. The following example excutes the contained javascript code.

{{{#!Markdown
# Markdown header

<script>
  alert('Gotcha!');
</script>

}}}

Attachments (0)

Change History (1)

comment:1 Changed 3 years ago by Cinc-th

Resolution:	→ fixed
Status:	assigned → closed

In 18325:

MarkdownMacro: don't render unsafe html like <script> unless enabled by config render_unsafe_content. While at it remove unused code and refactor slightly. Fixed a potential bug in MarkdownFormatter component.

Closes #14026

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain Cinc-th.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: