Skip to content
This repository has been archived by the owner on Jun 13, 2024. It is now read-only.

Implement Markdown Escaping in Relevant Areas #10

Open
KazWolfe opened this issue Nov 7, 2021 · 0 comments
Open

Implement Markdown Escaping in Relevant Areas #10

KazWolfe opened this issue Nov 7, 2021 · 0 comments
Labels
bug Something isn't working

Comments

@KazWolfe
Copy link
Contributor

KazWolfe commented Nov 7, 2021
edited
Loading

Describe the bug

Currently, certain functions (especially /dma search) do not escape markdown that get passed to them. As such, commands such as the following are possible:

/dma search test` from [DMA](https://malicious-website.wolf):

To Reproduce

Steps to reproduce the behavior:

  1. Run above sample command in any DMW-aware server.

Expected behavior

Markdown should be escaped properly and content should not be injectable.

Screenshots

image
@KazWolfe KazWolfe added the bug Something isn't working label Nov 7, 2021
@KazWolfe KazWolfe mentioned this issue Nov 7, 2021
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@KazWolfe