Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

added data: link fix to prevent xss #844

Merged
merged 1 commit into from
Jan 20, 2017
Merged

added data: link fix to prevent xss #844

merged 1 commit into from
Jan 20, 2017

Conversation

matt-
Copy link
Contributor

@matt- matt- commented Jan 19, 2017

No description provided.

@matt- matt- merged commit 8f9d0b7 into master Jan 20, 2017
@matt-
Copy link
Contributor Author

matt- commented Jan 25, 2017

@chjj I added this along the same lines as the javascript: xss. Can we version bump and push this?

@matt- matt- mentioned this pull request Jan 31, 2017
Closed
@paulirish
Copy link

Heya @matt-
Can we expect a version bump out soon? We're interested in this fix and would like to avoid depending on a specific github commit if possible. ;)

@paulirish paulirish mentioned this pull request Feb 14, 2017
Closed
@matt-
Copy link
Contributor Author

matt- commented Feb 14, 2017
edited
Loading

No idea thats up to @chjj. I personally would love to see a bump to get this resolved.

@paulirish
Copy link

k. thank you!

@chjj can you add the other contributors here to the npm package so they can publish as well?

@guypod
Copy link

guypod commented Feb 15, 2017

@paulirish note in the meantime you can also use a Snyk patch (see the bottom of https://snyk.io/vuln/npm:marked:20170112).

When we initially reported the problem it had no fix, but once Matt created a fix we captured it as a Snyk patch too. More about Snyk patches here: https://snyk.io/docs/security

@matt- matt- mentioned this pull request Mar 6, 2017
Closed
@zhangbobell
Copy link

Thank you very much to send this pull request, it's help me a lot!

@matt- matt- mentioned this pull request Mar 14, 2017
Closed
@matt- matt- mentioned this pull request Aug 2, 2017
Closed
@ankon ankon mentioned this pull request Nov 28, 2017
Closed
@joshbruce joshbruce mentioned this pull request Dec 5, 2017
Closed
@danielwpz danielwpz mentioned this pull request Feb 23, 2018
Merged
@dark-flames dark-flames mentioned this pull request Mar 21, 2018
Closed
@UziTech UziTech deleted the data_link_fix branch June 28, 2019 15:35
zhenalexfan pushed a commit to zhenalexfan/MarkdownHan that referenced this pull request Nov 8, 2021
@matt-
Merge pull request markedjs#844 from chjj/data_link_fix
2498312 
added data link fix to prevent xss
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@matt- @paulirish @guypod @zhangbobell