Security: Sanitize <nowiki>
Another XSS hole: the contents of <nowiki>...</nowiki> was not being sanitized.
This commit is contained in:
parent
9035c98dc5
commit
119ab342dc
1 changed files with 5 additions and 1 deletions
|
@ -13,6 +13,10 @@ require 'chunks/chunk'
|
|||
#
|
||||
# Author: Mark Reid <mark at threewordslong dot com>
|
||||
# Created: 8th June 2004
|
||||
|
||||
require 'sanitize'
|
||||
include Sanitize
|
||||
|
||||
class NoWiki < Chunk::Abstract
|
||||
|
||||
NOWIKI_PATTERN = Regexp.new('<nowiki>(.*?)</nowiki>', Regexp::MULTILINE)
|
||||
|
@ -22,7 +26,7 @@ class NoWiki < Chunk::Abstract
|
|||
|
||||
def initialize(match_data, content)
|
||||
super
|
||||
@plain_text = @unmask_text = match_data[1]
|
||||
@plain_text = @unmask_text = sanitize_xhtml(match_data[1])
|
||||
end
|
||||
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue