Description: ensure src prop is sanitized
Author: Evan Jacobs <probablyup@gmail.com>
Origin: upstream, https://github.com/quantizor/markdown-to-jsx/commit/8eb74da8
Bug: https://security.snyk.io/vuln/SNYK-JS-MARKDOWNTOJSX-6258886
Bug-Debian: https://bugs.debian.org/1085375
Forwarded: not-needed
Applied-Upstream: 7.4.0, commit:8eb74da8
Reviewed-By: Yadd <yadd@debian.org>
Last-Update: 2025-04-13
--- a/index.tsx
+++ b/index.tsx
@@ -739,7 +739,7 @@
return styles
}, {})
- } else if (key === 'href') {
+ } else if (key === 'href' || key === 'src') {
return sanitizeUrl(value)
} else if (value.match(INTERPOLATION_R)) {
// return as a string and let the consumer decide what to do with it
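Review bot: The `else if (key === 'href' || key === 'src')` branch still names URL-bearing attributes one by one, so any other attribute that carries a URL (for example `action`, `formaction`, `poster` or `data`) skips `sanitizeUrl` and falls through to the `INTERPOLATION_R` branch. Consider testing membership in a single list kept next to `sanitizeUrl`, e.g. `} else if (URL_ATTRIBUTES.indexOf(key) !== -1) {`, where `URL_ATTRIBUTES` is a proposed name rather than an existing one. Whether `key` arrives here as the raw HTML attribute name or as the JSX prop name is not visible in the hunk, so the list's spelling and case handling need confirming against the caller. The enclosing function starts and ends outside the hunk. A regression test asserting that a `src` value rejected by `sanitizeUrl` never reaches the rendered element would pin this fix.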