Ticket id: 000052
Status: resolved
Priority: ???
Assigned to: Waylan
Reported by: Tom Ritter
Component:

Markdown this text:

<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

Using this code:

md = markdown.Markdown(safe_mode="escape", extensions=[DisableImagesExtension()])
self.htmlcomment = md.convert(comment)

And this extension:

import markdown


class DisableImagesExtension(markdown.Extension):
    def extendMarkdown(self, md, md_globals):
        # Run after every other tree processor so no later step can re-add images.
        md.treeprocessors.add('disableImages', DisableImages(md), '_end')


class DisableImages(markdown.treeprocessors.Treeprocessor):
    def descendRemove(self, element):
        # Iterate over a snapshot of the children: removing a child while
        # iterating over the live element shifts the remaining children and
        # skips the sibling that follows each removed <img>.
        for i in list(element):
            if i.tag == 'img':
                element.remove(i)
            else:
                self.descendRemove(i)

    def run(self, root):
        self.descendRemove(root)
        return root

This in turn produces a JavaScript error in Chrome. Compare this page in Chrome and FF: http://ritter.vg/placeholder.html
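Two things in this report are worth checking in isolation: what an escaping renderer should produce for the quoted vector, and how the removal loop in the posted extension behaves. The block below is an added example, not code from the ticket or from Python-Markdown; it uses only the standard library (html.escape and xml.etree.ElementTree) instead of the markdown package, the input strings are constructed here, and the function names are illustrative. It shows that fully escaped output contains no tag delimiters for the browser to act on, and that removing children while iterating over a live ElementTree element leaves half of the images in place, whereas iterating over a snapshot removes all of them.

```python
import html
import xml.etree.ElementTree as ET

# Constructed input: the vector quoted in the ticket.
PAYLOAD = '<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert("XSS")>'

# Constructed document with adjacent <img> siblings and a nested one.
DOC = ('<div><p><img src="a"/><img src="b"/><img src="c"/>'
       '<em><img src="d"/>x</em></p></div>')


def escape_raw_html(text):
    """Escape a raw HTML fragment the way an 'escape' safe mode is expected
    to: '<', '>', '&' and quotes become entities, so the browser renders the
    text literally and never constructs a BODY element or its attributes."""
    return html.escape(text, quote=True)


def is_inert(rendered):
    """True when the rendered fragment has no unescaped tag delimiter left."""
    return '<' not in rendered and '>' not in rendered


def strip_images_buggy(element):
    """Mirrors the posted removal loop. ElementTree iterates children by
    index, so removing child i shifts the rest left and child i+1 is never
    visited: every <img> directly after a removed one survives, and elements
    that are skipped are never recursed into."""
    for child in element:
        if child.tag == 'img':
            element.remove(child)
        else:
            strip_images_buggy(child)
    return element


def strip_images_fixed(element):
    """Iterate over a snapshot of the children so removals cannot skip a
    sibling, and still recurse into every element that is kept."""
    for child in list(element):
        if child.tag == 'img':
            element.remove(child)
        else:
            strip_images_fixed(child)
    return element


def images_left_after(stripper, doc=DOC):
    """Parse doc, apply the given stripper to its root, and count the <img>
    elements that remain anywhere in the tree."""
    root = ET.fromstring(doc)
    stripper(root)
    return sum(1 for _ in root.iter('img'))


if __name__ == '__main__':
    print(escape_raw_html(PAYLOAD))
    print('buggy loop leaves', images_left_after(strip_images_buggy), 'image(s)')
    print('fixed loop leaves', images_left_after(strip_images_fixed), 'image(s)')
```

The buggy loop leaves two of the four images (the second of the three adjacent ones, and the nested one inside the skipped `<em>`), which is the kind of partial sanitisation that is easy to miss when testing with a single image. The same snapshot rule applies to any tree processor that removes nodes during traversal.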

Resolution: fixed
