544007dcc4
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
---|---|---|
.. | ||
0001-Fix-for-issue-348-incomplete-tags-with-punctuation-after-as-part-of.patch | ||
0002-Better-fix-for-issue-348.patch | ||
Config.in | ||
python-markdown2.hash | ||
python-markdown2.mk |