Menu
▾
▴
[Python-markdown-discuss] Interesting bug resulting in INLINE_PLACEHOLDER left in output
|
From: Tom R. <to...@ri...> - 2010-02-22 14:31:23
|
I submitted this bug: http://www.freewisdom.org/projects/python-markdown/Tickets/000052 I'm using markdown to power a self-rolled comment system on my blog (more info here: http://ritter.vg/code_adventures_site.html#rev6 ) and I challenged people to exploit it. Someone managed to submit a comment that broke markdown. The output comes back with klzzwxh:0000 which includes the u'\u0002' and u'\u0003' strings. This in turn broke chrome's json parser. I tried fiddling with the input (changing brackets and the like) but it's fairly specific. Let me know if you need any more info - I'm on gentoo with the latest ebuild: [I] dev-python/markdown Installed versions: 2.0.3(15:21:58 02/06/10)(-pygments) Although strangely I see this: # python Python 2.6.4 (r264:75706, Dec 7 2009, 18:16:11) [GCC 4.1.2 (Gentoo 4.1.2 p1.3)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import markdown >>> markdown.version '2.0.1' I haven't investigated gentoo's ebuild but something's definetly fishy there... -tom |
