Closed
Bug 566102
Opened 14 years ago
Closed 14 years ago
[k] Improve parsing to filter out non-valid URL/URIs
Categories
(support.mozilla.org :: Forum, task, P2)
support.mozilla.org
Forum
Tracking
(Not tracked)
VERIFIED
FIXED
2.1
People
(Reporter: stephend, Assigned: jsocol)
References
()
Details
STR: 1. Load http://support-stage-new.mozilla.com/en-US/forums/test-forum/2?page=7 2. Try to click on the links or mouse-over them (if they're just styled, and aren't linked) None of the links are valid URI/URLs, to my knowledge; we should do better at parsing/linking them (they're all obviously SQL-injection debris).
Reporter | ||
Comment 1•14 years ago
|
||
(My personal favorite is http://support-stage-new.mozilla.com/en-US/forums/test-forum/2?page=8#post-162), where it links http://support-stage-new.mozilla.com/|%5C
Assignee | ||
Comment 2•14 years ago
|
||
(In reply to comment #1) > (My personal favorite is > http://support-stage-new.mozilla.com/en-US/forums/test-forum/2?page=8#post-162), > where it links http://support-stage-new.mozilla.com/|%5C Technically, that is a valid URL. All those characters are allowed. We should check whether Bleach's linkify() or the markup parser is linkifying things like `document.vulnerable`, but they are just links, to nowhere, in particular, so not all that dangerous.
Assignee | ||
Comment 3•14 years ago
|
||
This was a Bleach.linkify() bug. Added tests and fixed it. Version bump to 0.3.2. http://github.com/jsocol/bleach/commit/47edcde303 If it doesn't pick up we may have to kick pip to update, but it should be fine.
Assignee: nobody → james
Severity: major → normal
Status: NEW → RESOLVED
Closed: 14 years ago
Priority: -- → P2
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•