Skip to content

Fix XSS from smuggling spans into image attributes (#702, #703)#704

Merged
nicholasserra merged 3 commits intotrentm:masterfrom
Crozzers:702-703-xss-issues
May 8, 2026
Merged

Fix XSS from smuggling spans into image attributes (#702, #703)#704
nicholasserra merged 3 commits intotrentm:masterfrom
Crozzers:702-703-xss-issues

Conversation

@Crozzers
Copy link
Copy Markdown
Contributor

@Crozzers Crozzers commented May 6, 2026

This PR fixes #702 and fixes #703.

702

For some reason, the code_span_re had re.S enabled, even though it was only for code spans? Not sure why as that's what fenced code blocks is for.

Disabled it, only test suite issue was latex where for some reason the code blocks were being converted? Not sure why

703

Issue was, as with #699 and #691, smuggling spans into image attributes - the alt, title, link text and src.

This PR fixes being able to smuggle it into the title through clever quoting

@nicholasserra
Copy link
Copy Markdown
Collaborator

nicholasserra commented May 8, 2026

Thanks!

@nicholasserra nicholasserra merged commit 28d94df into trentm:master May 8, 2026
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Safe Mode XSS (escape only) Safe Mode XSS

2 participants

@Crozzers @nicholasserra