Am 16.07.2017 um 11:17 schrieb Sönke Ludwig:
(...)
However, I just noticed that this is still possible to exploit in the
Markdown processor. User defined HTML is filtered, but link targets are
passed to the rendered HTML as-is (just HTML encoded).
https://github.com/rejectedsoftware/vibe.d/pul
Am 15.07.2017 um 23:54 schrieb tetyys:
very nice!
one question about the https://github.com/rejectedsoftware/vibe.d/commit/e4a600f911218c49f9984734b8ba36f193e99c17
wouldn't this
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Image_XSS_using_the_JavaScript_directive
pass normall
very nice!
one question about the https://github.com/rejectedsoftware/vibe.d/commit/e4a600f911218c49f9984734b8ba36f193e99c17
wouldn't this
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Image_XSS_using_the_JavaScript_directive pass normally?
Am 11.07.2017 um 15:13 schrieb Jack Applegame:
slightly reduced
/+ dub.json:
{
"name": "test",
"versions": ["VibeManualMemoryManagement"],
"dependencies": {
"vibe-d": "~>0.8.0"
}
}
+/
module main;
import std.conv;
import std.stdio;
imp
slightly reduced
/+ dub.json:
{
"name": "test",
"versions": ["VibeManualMemoryManagement"],
"dependencies": {
"vibe-d": "~>0.8.0"
}
}
+/
module main;
import std.conv;
import std.stdio;
import
Many thanks!
https requests with manual memory management leads to assertion.
DMD64 D Compiler v2.074.1
DUB version 1.3.0
Linux x86_64
Test case:
/+ dub.json:
{
"name": "test",
"versions": ["VibeManualMemoryManagement"],
"dependencies": {
Note: Due to recent issues with OpenSSL, the way OpenSSL/Botan get
selected as the TLS provider has changed. If you are using Botan, you'll
have to explicitly select the "botan" configuration of the new
"vibe-d:tls" package:
dependency "vibe-d:tls" version="~>0.8.0"
subConfigur
Am 10.07.2017 um 15:24 schrieb Steven Schveighoffer:
On 7/10/17 8:11 AM, Sönke Ludwig wrote:
BTW, @CyberShadow, I originally sent this using a NG client, but the
thread never appeared on forum.dlang.org
Even this one isn't there... Should be here:
http://forum.dlang.org/post/mmfrsonxrfxwltkf
On 7/10/17 8:11 AM, Sönke Ludwig wrote:
BTW, @CyberShadow, I originally sent this using a NG client, but the
thread never appeared on forum.dlang.org
Even this one isn't there... Should be here:
http://forum.dlang.org/post/mmfrsonxrfxwltkfv...@forum.dlang.org
-Steve