| Package home | Report new bug | New search | Development Roadmap | Status: Open | Feedback | All | Closed Since Version 0.1.0 |
| Bug #19844 | Error in url parsing | ||
|---|---|---|---|
| Submitted: | 2013-03-07 01:31 UTC | ||
| From: | vhome | Assigned: | |
| Status: | Open | Package: | HTML_BBCodeParser2 (version 0.1.0) |
| PHP Version: | 5.4.11 | OS: | centos |
| Roadmaps: | (Not assigned) | ||
[2013-03-07 01:31 UTC] vhome
(Valeriy Vhome)
Description:
------------
Instead of 1 link it give me broken html with 2 links
This also allow to do XSS attacks
Test script:
---------------
Input code:
[url=http://malware.testing.google.test/testing/malware/]Your text to link here...[/url]http://malware.testing.google.test/testing/malware/
Expected result:
----------------
<a
href='http://malware.testing.google.test/testing/malware/'>Your
text to link here...
</a>http://malware.testing.google.test/testing/malware/
Actual result:
--------------
<a
href='http://malware.testing.google.test/testing/malware/'>Your
text to link here...</a><a
href='http://malware.testing.google.test/testing/malware/'>http:/
/malware.testing.google.test/testing/malware/</a>
Comments
[2014-11-13 00:43 UTC] klapin
(Klap-in Klap-in)
The parser accepts also urls without [url] tags. That is a feature, not a bug.