File 0001-Filter-out-javascript-links-when-using-filter_html-o.patch of Package rubygem-RedCloth
From b3d82f0c3a354a2f589e1fd43f5f1d7e427b530e Mon Sep 17 00:00:00 2001 From: Antonio Terceiro <terceiro@debian.org> Date: Sat, 7 Feb 2015 23:27:39 -0200 Subject: [PATCH] Filter out 'javascript:' links when using filter_html or sanitize_html This is a fix for CVE-2012-6684 --- lib/redcloth/formatters/html.rb | 6 +++++- spec/security/CVE-2012-6684_spec.rb | 14 ++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 spec/security/CVE-2012-6684_spec.rb diff --git a/lib/redcloth/formatters/html.rb b/lib/redcloth/formatters/html.rb index bfadfb7..b8793b2 100644 --- a/lib/redcloth/formatters/html.rb +++ b/lib/redcloth/formatters/html.rb @@ -111,7 +111,11 @@ module RedCloth::Formatters::HTML end def link(opts) - "<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>" + if (filter_html || sanitize_html) && opts[:href] =~ /^\s*javascript:/ + opts[:name] + else + "<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>" + end end def image(opts) diff --git a/spec/security/CVE-2012-6684_spec.rb b/spec/security/CVE-2012-6684_spec.rb new file mode 100644 index 0000000..05219fd --- /dev/null +++ b/spec/security/CVE-2012-6684_spec.rb @@ -0,0 +1,14 @@ +# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6684 + +require 'redcloth' + +describe 'CVE-2012-6684' do + + it 'should not let javascript links pass through' do + # PoC from http://co3k.org/blog/redcloth-unfixed-xss-en + output = RedCloth.new('["clickme":javascript:alert(%27XSS%27)]', [:filter_html, :filter_styles, :filter_classes, :filter_ids]).to_html + expect(output).to_not match(/href=.javascript:alert/) + end + + +end -- 2.1.4
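Review bot: In the `link` hunk of lib/redcloth/formatters/html.rb, the guard `opts[:href] =~ /^\s*javascript:/` is case-sensitive and anchored with `^`, which in Ruby matches at the start of any line rather than the start of the string, so an href written as `JavaScript:` or `JAVASCRIPT:` is not caught by this check. Consider `/\A\s*javascript:/i` so the match is anchored to the beginning of the href and ignores case. Also worth noting in the commit message or a comment that only the `javascript:` scheme is filtered here; the `filter_html` / `sanitize_html` options do not reject any other URI scheme through this branch, so callers should not read this change as a general URL allowlist.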
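Review bot: The spec in spec/security/CVE-2012-6684_spec.rb covers only `:filter_html` with a lowercase `javascript:` scheme, while the guard it tests also fires for `sanitize_html`. Add a second example using `:sanitize_html`, a mixed-case variant such as `JavaScript:` to pin down the intended case handling, and a positive example asserting that an ordinary `http:` link still renders as `<a href=...>` so the filter is not over-blocking. Style point: the two blank lines before the closing `end` can be dropped.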