fix(security): 2 improvements across 2 files#1651
Open
tomaioo wants to merge 2 commits into
Open
Conversation
- Security: Unsafe HTML Rendering in Markdown Fallback - Security: Command Injection via Unsanitized Input in Notification Function Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com>
- Security: Unsafe HTML Rendering in Markdown Fallback - Security: Command Injection via Unsanitized Input in Notification Function Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com>
floatpanebot
requested changes
Jul 5, 2026
floatpanebot
left a comment
Member
There was a problem hiding this comment.
Hi @tomaioo! Please fix the following issues with your PR:
- Title: Is too long (44 characters). The PR title must be strictly under 40 characters.
- Body: Missing the
## What?or## Why?headings required by the PR template.
Member
Benchmark report — no significant changeMetrics worse: 0 · better: 0 (threshold: ±3%). benchstat outputauto-generated by benchmarks.yml |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
fix(security): 2 improvements across 2 files
Problem
Severity:
High| File:clib/markdown_nocgo.go:L17The
markdownPlainTextHTMLfunction inclib/markdown_fallback.gowraps markdown content in a<pre>tag after escaping withhtml.EscapeString. While this escapes standard HTML entities, the function name and approach suggest it's a fallback for markdown rendering. Thehtml.EscapeStringfunction properly escapes<,>,&, and quotes, so this is actually safe for the intended purpose. However, theMarkdownToHTMLfunction inclib/markdown_nocgo.gouseshtml.WithUnsafe()renderer option with goldmark, which allows raw HTML in the markdown source to be rendered unescaped. This is a more significant concern as it could lead to XSS if user-controlled markdown is processed.Solution
Remove
html.WithUnsafe()from the goldmark renderer options, or ensure that all markdown input is properly sanitized before processing. TheWithUnsafeoption allows raw HTML to pass through, which is dangerous for untrusted content.Changes
clib/markdown_nocgo.go(modified)notify/notify.go(modified)