fix: xss issue #167

martor/__init__.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
 
-__VERSION__ = "1.6.8"
+__VERSION__ = "1.6.9"
 __AUTHOR__ = "Agus Makmun (Summon Agus)"
 __AUTHOR_EMAIL__ = "[email protected]"

martor/static/martor/js/martor.bootstrap.js

@@ -1,7 +1,7 @@
 /**
- * Name         : Martor v1.6.8
+ * Name         : Martor v1.6.9
  * Created by   : Agus Makmun (Summon Agus)
- * Release date : 21-Dec-2021
+ * Release date : 11-Jan-2022
  * License      : GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007
  * Repository   : https://github.com/agusmakmun/django-markdown-editor
 **/

martor/static/martor/js/martor.semantic.js

@@ -1,7 +1,7 @@
 /**
- * Name         : Martor v1.6.8
+ * Name         : Martor v1.6.9
  * Created by   : Agus Makmun (Summon Agus)
- * Release date : 21-Dec-2021
+ * Release date : 11-Jan-2022
  * License      : GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007
  * Repository   : https://github.com/agusmakmun/django-markdown-editor
 **/

martor/utils.py

@@ -34,7 +34,7 @@ def markdownify(markdown_text):
     # Sanitize Markdown links
     # https://github.com/netbox-community/netbox/commit/5af2b3c2f577a01d177cb24cda1019551a2a4b64
     schemes = "|".join(ALLOWED_URL_SCHEMES)
-    pattern = fr"\[(.+)\]\((?!({schemes})).*:(.+)\)"
+    pattern = fr"\[(.+)\]\((?!({schemes})).*(:|;)(.+)\)"
     markdown_text = re.sub(
         pattern,
         "[\\1](\\3)",