Closed Bug 566102 Opened 12 years ago Closed 12 years ago

[k] Improve parsing to filter out non-valid URL/URIs

Categories

(support.mozilla.org :: Forum, task, P2)

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: stephend, Assigned: jsocol)

Details

STR:

1. Load http://support-stage-new.mozilla.com/en-US/forums/test-forum/2?page=7
2. Try to click on the links or mouse-over them (if they're just styled, and aren't linked)

None of the links are valid URI/URLs, to my knowledge; we should do better at parsing/linking them (they're all obviously SQL-injection debris).

(In reply to comment #1)
> (My personal favorite is
> http://support-stage-new.mozilla.com/en-US/forums/test-forum/2?page=8#post-162),
> where it links http://support-stage-new.mozilla.com/|%5C

Technically, that is a valid URL. All those characters are allowed.

We should check whether Bleach's linkify() or the markup parser is linkifying things like `document.vulnerable`, but they are just links to nowhere in particular, so not all that dangerous.

This was a Bleach.linkify() bug. Added tests and fixed it. Version bump to 0.3.2.

http://github.com/jsocol/bleach/commit/47edcde303

If it doesn't pick up we may have to kick pip to update, but it should be fine.

Assignee: nobody → james
Severity: major → normal
Status: NEW → RESOLVED
Closed: 12 years ago
Priority: -- → P2
Resolution: --- → FIXED

Verified FIXED; really nice work!
Status: RESOLVED → VERIFIED
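
The failure mode discussed in this bug, a linkifier turning dotted identifiers such as `document.vulnerable` into links, can be illustrated with a conservative linkifier. This is an added example, not Bleach's code and not the fix from the commit above; the function, the regex and the short `KNOWN_TLDS` allow-list are assumptions made for illustration.

```python
import html
import re

# Assumption: a tiny constructed allow-list; a real deployment would load the IANA TLD list.
KNOWN_TLDS = {"com", "org", "net", "edu", "gov", "io"}

# Candidate link: optional http(s) scheme, dotted hostname, optional path.
CANDIDATE = re.compile(
    r"(?<![\w@./-])"                                  # not inside a word, e-mail or path
    r"(?P<scheme>https?://)?"
    r"(?P<host>(?:[a-z0-9-]+\.)+(?P<tld>[a-z]{2,}))"  # last label is captured as the TLD
    r"(?P<path>/[^\s<>\"']*)?",
    re.IGNORECASE,
)


def linkify(text):
    """HTML-escape text and link only candidates whose last label is a known TLD."""
    out, pos = [], 0
    for m in CANDIDATE.finditer(text):
        if m.group("tld").lower() not in KNOWN_TLDS:
            continue  # e.g. document.vulnerable: a dotted identifier, not a hostname
        out.append(html.escape(text[pos:m.start()]))
        url = m.group(0)
        href = url if m.group("scheme") else "http://" + url
        out.append('<a href="%s" rel="nofollow">%s</a>'
                   % (html.escape(href, quote=True), html.escape(url)))
        pos = m.end()
    out.append(html.escape(text[pos:]))  # everything not linked is still escaped
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample posts, modelled on the kind of debris described in this bug.
    for post in ("document.vulnerable",
                 "<script>document.vulnerable</script>",
                 "see example.com now",
                 "http://example.org/a?b=1&c=2"):
        print(repr(post), "->", linkify(post))
```
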