When visiting a repo, scripts in the readme get executed

Edit

akinslow

04 Feb, 2016 03:41 PM

The markdown rendering of a read me seems to be susceptible to code injection.

example readme:

<!DOCTYPE html>
<html>
<body>
<script>alert('haxed')</script>
</body>
</html>

Support Staff 1 Posted by Anton Gogolev on 07 Feb, 2016 05:14 PM

Thanks a lot!

This is fixed in 1.9.6:

https://hglabhq.com/download/1.9.6
- Edit

Reply to this discussion

Internal reply

Name

Email

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

Remove

Attach File: You can attach files up to 10MB

Verify Human: If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

New Issue
Conversation Started

A conversation has been started with the HgLab staff to resolve this discussion.
Close the discussion Close the discussion

Private Permissions

This discussion is private. Only you and HgLab support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Comments Feed

Keyboard shortcuts

Generic

?	Show this help
ESC	Blurs the current field

Comment Form

r	Focus the comment reply box
^ + ↩	Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

	12 Jan, 2023 12:25 PM	Crash when selecting new respository
	10 Jan, 2023 04:49 PM	Active Directory/LDAP
	03 Aug, 2022 01:49 PM	Error opening HG lab (was working fine yesterday)
	05 Jul, 2022 07:01 PM	Problem with page "HgLab Servicing"
	28 Mar, 2022 04:42 PM	New Market Group renewal

	21 Jan, 2022 10:43 AM	How can I use BullGuard for spyware removal?
	20 Jan, 2022 10:45 AM	Netflix not working for some movie \| 0800-368-9065
	18 Jan, 2022 10:15 AM	How can I add Yahoo mail account to Gmail app?
	19 Mar, 2021 06:13 PM	HgLab shows blank page after upgrade
	01 Mar, 2021 02:51 PM	File Checked out state
	01 Jan, 2021 02:19 AM	Server Crash

HgLab Support