    Sanitize output by dependency linkers · 17015e66
    Patrick Bajao authored
    When there are URLs defined in some dependency file (e.g. Gemfile,
    gemspec, etc.), they get converted to links. We are not sanitizing
    them, so if some `javascript:` code is added as a URL, it can cause
    an XSS vulnerability.
base_linker.rb 2.7 KB
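The class of bug the commit message describes, as an added illustration rather than GitLab's own `base_linker.rb` code: a minimal linker that turns quoted values in a Gemfile-style line into anchors, but only when the value is an `http`/`https` URL with a host, so a `javascript:` value is emitted as escaped text instead of a clickable link. The `SafeLinker` module and its method names are assumptions for this example.

```ruby
require "cgi"
require "uri"

# Constructed example (not GitLab's implementation). Every segment of the
# line is HTML-escaped; only an allowlisted URL is additionally wrapped
# in an <a> tag, so nothing the file author wrote reaches the page unescaped.
module SafeLinker
  SAFE_SCHEMES = %w[http https].freeze

  # Returns the normalised URL string when `value` parses as an absolute
  # http(s) URL with a host, otherwise nil. Ruby's URI downcases the
  # scheme, so "JAVASCRIPT:" and "HTTPS://" are handled consistently.
  def self.safe_url(value)
    uri = URI.parse(value)
    return nil unless SAFE_SCHEMES.include?(uri.scheme.to_s)
    return nil if uri.host.nil? || uri.host.empty?
    uri.to_s
  rescue URI::InvalidURIError
    nil
  end

  # Splits the line on quoted strings (keeping the quotes), escapes each
  # piece, and links a quoted value only if safe_url accepts it.
  def self.link_line(line)
    line.split(/(['"][^'"]*['"])/).map do |segment|
      quoted = segment.match(/\A(['"])(.*)\1\z/)
      next CGI.escapeHTML(segment) unless quoted

      quote, value = quoted[1], quoted[2]
      url = safe_url(value)
      next CGI.escapeHTML(segment) unless url

      q = CGI.escapeHTML(quote)
      %(#{q}<a href="#{CGI.escapeHTML(url)}">#{CGI.escapeHTML(value)}</a>#{q})
    end.join
  end
end

if __FILE__ == $PROGRAM_NAME
  puts SafeLinker.link_line(%q{gem "rails", git: "https://github.com/rails/rails"})
  puts SafeLinker.link_line(%q{gem "evil", git: "javascript:alert(1)"})
end
```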