When visiting a repo, scripts in the readme get executed


akinslow

04 Feb, 2016 03:41 PM

The markdown rendering of a readme seems to be susceptible to code injection.

example readme:

<!DOCTYPE html>
<html>
<body>
<script>alert('haxed')</script>
</body>
</html>

  1. Support Staff 1 Posted by Anton Gogolev on 07 Feb, 2016 05:14 PM


    Thanks a lot!

    This is fixed in 1.9.6:

    https://hglabhq.com/download/1.9.6
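The report above is a stored cross-site-scripting path: a markdown renderer that passes raw HTML through unchanged lets whoever can push a readme run script in every visitor's browser. As an added example (not code from this thread and not HgLab's own fix), the following Python standard-library sanitizer is run over the readme from the post: it keeps only an allow-list of tags, discards `script`/`style` elements together with their contents, drops every attribute that is not on the allow-list (so event handlers such as `onclick` go), limits `href` to http(s)/mailto or relative URLs, and re-escapes all text. The allow-lists, the `sanitize` function name and the extra sample line are assumptions for the example.

```python
"""Allow-list sanitizer for HTML produced by a markdown renderer (added example)."""
from html import escape
from html.parser import HTMLParser

# Allow-lists are assumptions for this example; tune them to the markup the renderer needs.
ALLOWED_TAGS = {"p", "br", "strong", "em", "code", "pre", "ul", "ol", "li",
                "h1", "h2", "h3", "blockquote", "a"}
ALLOWED_ATTRS = {"a": {"href"}}           # only URL-valued attributes; onclick, style, ... are dropped
ALLOWED_URL_PREFIXES = ("http://", "https://", "mailto:", "/", "#")
VOID_TAGS = {"br"}                        # emitted without a closing tag
DROP_CONTENT_TAGS = {"script", "style"}   # the tag AND its text are discarded


def _safe_url(value):
    """Reject schemes such as javascript:, even when padded with whitespace or control characters."""
    compact = "".join(ch for ch in value if ch.isprintable() and not ch.isspace()).lower()
    return compact.startswith(ALLOWED_URL_PREFIXES)


class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []         # sanitized HTML fragments
        self.open_tags = []   # allowed tags we emitted and still need to close
        self.skip_depth = 0   # > 0 while inside <script>/<style>
        self.dropped = []     # audit trail: removed tags and attributes

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            return
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth += 1
            self.dropped.append(tag)
            return
        if tag not in ALLOWED_TAGS:
            self.dropped.append(tag)      # unknown tag is removed; its text content is kept
            return
        kept = []
        for name, value in attrs:
            if name in ALLOWED_ATTRS.get(tag, set()) and value is not None and _safe_url(value):
                kept.append(f' {name}="{escape(value, quote=True)}"')
            else:
                self.dropped.append(f"{tag}@{name}")
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag in DROP_CONTENT_TAGS:
                self.skip_depth -= 1
            return
        if tag in self.open_tags:
            # Close everything up to and including `tag` so the output stays balanced.
            while self.open_tags:
                top = self.open_tags.pop()
                self.out.append(f"</{top}>")
                if top == tag:
                    break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))   # the parser decoded entities; re-encode them

    # Comments, <!DOCTYPE ...>, processing instructions and CDATA never pass through.
    def handle_comment(self, data): pass
    def handle_decl(self, decl): pass
    def handle_pi(self, data): pass
    def unknown_decl(self, data): pass

    def result(self):
        self.close()
        while self.open_tags:               # close anything the input left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(rendered_html):
    """Return (sanitized HTML, list of tags/attributes that were removed)."""
    s = Sanitizer()
    s.feed(rendered_html)
    return s.result(), s.dropped


# The readme from the post, plus one constructed line exercising handler attributes and URL schemes.
REPORTED_README = """<!DOCTYPE html>
<html>
<body>
<script>alert('haxed')</script>
</body>
</html>
"""
CONSTRUCTED_EXTRA = ('<p onclick="alert(1)">Hello <strong>world</strong></p>'
                     '<a href="javascript:alert(1)">bad</a><a href="https://example.com/">ok</a>')

if __name__ == "__main__":
    for sample in (REPORTED_README, CONSTRUCTED_EXTRA):
        clean, removed = sanitize(sample)
        print(repr(clean), "removed:", removed)
```

The `dropped` list is worth logging on the server side: a readme whose rendering had a `script` element or an `@onclick` removed is a cheap signal that someone pushed hostile markup. Sanitizing the renderer's output is one approach; the other is configuring the markdown renderer to refuse raw HTML altogether, which is simpler to reason about when the project does not need inline HTML.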
