2 matches found
RedCloth Security Vulnerability
RedCloth is a Ruby library by individual developer Jason Garber, used to convert Textile to HTML. A security vulnerability exists in RedCloth v4.0.0: a Regular Expression Denial of Service (ReDoS) issue in the sanitizehtml function, which can be exploited by an attack...
RedCloth Cross Site Scripting
I disclosed the following advisory about an XSS vulnerability in the RedCloth Textile library for Ruby. http://co3k.org/blog/redcloth-unfixed-xss-en You shouldn't use RedCloth to parse user-inputted content and output the parsed string unless you allow your user to write arbitrary JavaScript cod...