▹ 000052
Parsing Fails and leaves INLINE_PLACEHOLDER in output
Markdown this text:

    <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

Using this code:

    md = markdown.Markdown(safe_mode="escape", extensions=[DisableImagesExtension()])
    self.htmlcomment = md.convert(comment)

And this extension:

    import markdown
    from markdown import etree

    class DisableImagesExtension(markdown.Extension):
        def extendMarkdown(self, md, md_globals):
            # Run after all other tree processors
            md.treeprocessors.add('disableImages', DisableImages(md), '_end')

    class DisableImages(markdown.treeprocessors.Treeprocessor):
        def descendRemove(self, element):
            # Iterate over a copy: removing children while iterating
            # over the element itself skips the following sibling.
            for i in list(element):
                if i.tag == 'img':
                    element.remove(i)
                else:
                    self.descendRemove(i)

        def run(self, root):
            self.descendRemove(root)
            return root

This in turn produces a JavaScript error in Chrome. Compare this page in Chrome and FF: http://ritter.vg/placeholder.html
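A post-render check that would flag the failure this ticket describes, as an added example (not code from the ticket or from Python-Markdown). The function name `audit_rendered_comment` and the tag allow-list are hypothetical, and the STX/ETX control characters are assumed to be what the library wraps its internal placeholders in.

```python
import re
from html.parser import HTMLParser

# Assumption: internal placeholders are delimited by STX (U+0002) and
# ETX (U+0003). "INLINE_PLACEHOLDER" is the marker named in the ticket title.
PLACEHOLDER_RE = re.compile("[\u0002\u0003]|INLINE_PLACEHOLDER")

# Hypothetical allow-list for rendered user comments.
ALLOWED_TAGS = frozenset(
    {"p", "em", "strong", "code", "pre", "a", "ul", "ol", "li", "blockquote", "br"}
)


class _TagAudit(HTMLParser):
    """Records tags and event-handler attributes that survive in the output."""

    def __init__(self, allowed_tags):
        super().__init__(convert_charrefs=True)
        self.allowed_tags = allowed_tags
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # html.parser lower-cases tag and attribute names before this call.
        if tag not in self.allowed_tags:
            self.findings.append("unexpected tag <%s>" % tag)
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append("event handler %s on <%s>" % (name, tag))


def audit_rendered_comment(html, allowed_tags=ALLOWED_TAGS):
    """Return a list of findings for rendered HTML; an empty list means clean."""
    findings = []
    if PLACEHOLDER_RE.search(html):
        findings.append("leftover placeholder marker")
    parser = _TagAudit(allowed_tags)
    parser.feed(html)
    parser.close()
    return findings + parser.findings
```

Run it on the return value of `md.convert(...)` before storing or serving the HTML, and refuse the comment when the list is non-empty.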