diff options
author | John MacFarlane <jgm@berkeley.edu> | 2015-07-07 11:15:40 -0700 |
---|---|---|
committer | John MacFarlane <jgm@berkeley.edu> | 2015-07-07 11:15:40 -0700 |
commit | 9e528f4c0ce47c3ae7d233ba9627d2ed3df60fd7 (patch) | |
tree | 2964da504b5f7cb899a1ae245e3a2e99915f84e4 /windows/pandoc.wxs | |
parent | 7398dea65fd57281b73698fdbf5c709bf0e64ed7 (diff) | |
download | pandoc-9e528f4c0ce47c3ae7d233ba9627d2ed3df60fd7.tar.gz |
Fixed email javascript obfuscation with mailto: URLs.
This fixes a potential security issue. Because single quotes weren't
being escaped in the link portion, a specially crafted email address
could allow javascript code injection.
[Jim'+alert('hi')+'OBrien](mailto:me@example.com)
Closes #2280.
Diffstat (limited to 'windows/pandoc.wxs')
0 files changed, 0 insertions, 0 deletions