diff options
Diffstat (limited to 'dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch')
| -rw-r--r-- | dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch b/dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch deleted file mode 100644 index ec36340f8aad..000000000000 --- a/dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch +++ /dev/null @@ -1,58 +0,0 @@ -Patch taken from Debian (via upstream pull request that is still pending) - -http://sources.debian.net/src/ruby-redcloth/4.2.9-4/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch/ -https://github.com/jgarber/redcloth/pull/20/commits - -From b3d82f0c3a354a2f589e1fd43f5f1d7e427b530e Mon Sep 17 00:00:00 2001 -From: Antonio Terceiro <terceiro@debian.org> -Date: Sat, 7 Feb 2015 23:27:39 -0200 -Subject: [PATCH] Filter out 'javascript:' links when using filter_html or - sanitize_html - -This is a fix for CVE-2012-6684 ---- - lib/redcloth/formatters/html.rb | 6 +++++- - spec/security/CVE-2012-6684_spec.rb | 14 ++++++++++++++ - 2 files changed, 19 insertions(+), 1 deletion(-) - create mode 100644 spec/security/CVE-2012-6684_spec.rb - -diff --git a/lib/redcloth/formatters/html.rb b/lib/redcloth/formatters/html.rb -index bfadfb7..b8793b2 100644 ---- a/lib/redcloth/formatters/html.rb -+++ b/lib/redcloth/formatters/html.rb -@@ -111,7 +111,11 @@ module RedCloth::Formatters::HTML - end - - def link(opts) -- "<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>" -+ if (filter_html || sanitize_html) && opts[:href] =~ /^\s*javascript:/ -+ opts[:name] -+ else -+ "<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>" -+ end - end - - def image(opts) -diff --git a/spec/security/CVE-2012-6684_spec.rb b/spec/security/CVE-2012-6684_spec.rb -new file mode 100644 -index 0000000..05219fd ---- /dev/null -+++ b/spec/security/CVE-2012-6684_spec.rb -@@ -0,0 +1,14 @@ -+# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6684 -+ -+require 'redcloth' -+ -+describe 'CVE-2012-6684' do -+ -+ it 'should not let javascript links pass through' do -+ # PoC from http://co3k.org/blog/redcloth-unfixed-xss-en -+ output = RedCloth.new('["clickme":javascript:alert(%27XSS%27)]', [:filter_html, :filter_styles, :filter_classes, :filter_ids]).to_html -+ expect(output).to_not match(/href=.javascript:alert/) -+ end -+ -+ -+end --- -2.1.4 - |