zulip/zerver/tests/test_markdown.py at 02be415122aec3ddc19f4f57f9d1caa1c29cf136

mirror of https://github.com/zulip/zulip.git synced 2025-11-16 11:52:01 +00:00

Files

Anders Kaseorg 4a61e36def CVE-2022-36048: Rewrite only specific local links to relative.

Due to mismatches between the URL parsers in Python and browsers, it
was possible to hoodwink rewrite_local_links_to_relative into
generating links that browsers would interpret as absolute.

Signed-off-by: Anders Kaseorg <anders@zulip.com>

2022-08-24 16:29:09 -07:00

136 KiB

Raw Blame History

View Raw

136 KiB Raw Blame History

136 KiB

Raw Blame History