A bug in the Sundown and Redcarpet markdown parsers may lead to XSS (danlec.com)
6 points by _jomo on April 9, 2015 | 3 comments
captn3m0 on April 9, 2015
No libraries listed on babelmark (or the versions used there) seem to be affected:
http://johnmacfarlane.net/babelmark2/?normalize=1&text=_danl...
danlec on April 10, 2015
Redcarpet would only exhibit the bug if the autolink extension were enabled, i.e. if it would render danlec@danlec.com as a link.
captn3m0 on April 10, 2015
Interesting. That makes it much clearer. I was confused as to why links were being generated without angular brackets being involved.