When visiting a repo, scripts in the readme get executed

akinslow

04 Feb, 2016 03:41 PM

The Markdown rendering of a readme seems to be susceptible to code injection.

Example readme:

<!DOCTYPE html>
<html>
<body>
<script>alert('haxed')</script>
</body>
</html>

  1. Support Staff 1 Posted by Anton Gogolev on 07 Feb, 2016 05:14 PM

    Thanks a lot!

    This is fixed in 1.9.6:

    https://hglabhq.com/download/1.9.6
