Am 15.07.2017 um 23:54 schrieb tetyys:
very nice!

one question about the </ encoding:

wouldn't this
pass normally?

If a user supplied image URL is passed to the "src" attribute unchecked, then yes. But this would work regardless of the JSON escape rules and really needs to be prevented by the application code.

However, I just noticed that this is still possible to exploit in the Markdown processor. User defined HTML is filtered, but link targets are passed to the rendered HTML as-is (just HTML encoded).

Reply via email to