wiki.ohea.xyz/gollum
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

fix xss vulnerability in mathjax parsing

Browse Source
This commit is contained in:
rick
2011-04-11 23:29:06 -04:00
parent 2523b4e849
commit be72bcf353
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/gollum/markup.rb
+6 -4
View File
@@ -74,12 +74,14 @@ module Gollum
# Returns the placeholder'd String data. # Returns the placeholder'd String data.
def extract_tex(data) def extract_tex(data)
data.gsub(/\\\[\s*(.*?)\s*\\\]/m) do data.gsub(/\\\[\s*(.*?)\s*\\\]/m) do
id = Digest::SHA1.hexdigest($1) tag = CGI.escapeHTML($1)
@texmap[id] = [:block, $1] id = Digest::SHA1.hexdigest(tag)
@texmap[id] = [:block, tag]
id id
end.gsub(/\\\(\s*(.*?)\s*\\\)/m) do end.gsub(/\\\(\s*(.*?)\s*\\\)/m) do
id = Digest::SHA1.hexdigest($1) tag = CGI.escapeHTML($1)
@texmap[id] = [:inline, $1] id = Digest::SHA1.hexdigest(tag)
@texmap[id] = [:inline, tag]
id id
end end
end end