Injection of link url #315

New Issue

Open

opened 2026-01-29 14:33:37 +00:00 by claunia · 0 comments

claunia commented 2026-01-29 14:33:37 +00:00

Owner

Copy Link

Originally created by @OpportunityLiu on GitHub (Aug 12, 2019).

![image]("onclick="alert('click')"://)

will be rendered to

<p><img src=""onclick="alert&#40;'click'&#41;"://" alt="image" /></p>

Escaping is done after :, but all chars are preserved before the protocal sep :.

https://babelmark.github.io/?text=!%5Bimage%5D(%22onclick%3D%22alert%26amp%3B%2340%3B%27click%27%26amp%3B%2341%3B%22%3A%2F%2F)

Originally created by @OpportunityLiu on GitHub (Aug 12, 2019). ```md ![image]("onclick="alert&amp;#40;'click'&amp;#41;"://) ``` will be rendered to ```html <p><img src=""onclick="alert&#40;'click'&#41;"://" alt="image" /></p> ``` Escaping is done after `:`, but all chars are preserved before the protocal sep `:`. https://babelmark.github.io/?text=!%5Bimage%5D(%22onclick%3D%22alert%26amp%3B%2340%3B%27click%27%26amp%3B%2341%3B%22%3A%2F%2F)

claunia added the bugPR Welcome! labels 2026-01-29 14:33:37 +00:00

claunia referenced this issue 2026-01-29 14:47:35 +00:00

[PR #315] [MERGED] Fix ToPlainText with htmlentity #939

claunia referenced this issue 2026-01-29 14:47:38 +00:00

[PR #315] Fix ToPlainText with htmlentity #944

claunia referenced this issue 2026-01-29 14:47:46 +00:00

[PR #340] [MERGED] Fix regression from #315 #958

claunia referenced this issue 2026-01-29 14:47:50 +00:00

[PR #340] Fix regression from #315 #963

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

example-lunet-api-doc

jira-markup

perf-core-vs-mono

0.44.0

0.43.0

0.42.0

0.41.3

0.41.2

0.41.1

0.41.0

0.40.0

0.39.1

0.39.0

0.38.0

0.37.0

0.36.2

0.36.1

0.36.0

0.35.0

0.34.0

0.33.0

0.32.0

0.31.0

0.30.4

0.30.3

0.30.2

0.30.1

0.30.0

0.29.0

0.28.1

0.28.0

0.27.0

0.26.0

0.25.0

0.24.0

0.23.0

0.22.1

0.22.0

0.21.1

0.21.0

0.20.0

0.18.3

0.18.2

0.18.1

0.18.0

0.17.1

0.17.0

v0.16.0

v0.15.7

v0.15.6

v0.15.5

v0.15.4

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.9

v0.14.8

v0.14.7

v0.14.6

v0.14.5

v0.14.4

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.4

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.0

v0.10.7

v0.10.6

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.1

v0.9.0

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.5

v0.7.4

v0.7.3

v0.7.2

v0.7.1

v0.7.0

v0.6.2

v0.6.1

v0.6.0

v0.5.12

v0.5.11

v0.5.10

v0.5.9

v0.5.8

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.0

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.1

v0.1.0

Labels

Clear labels

bug

documentation

enhancement

extension

Hacktoberfest

invalid

PR Welcome!

pull-request

Mirrored from GitHub Pull Request

question

wontfix

No Label bug PR Welcome!

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

claunia

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/markdig#315