aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-17 22:14:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Mark 3.4.3 (#2063)

Browse Source 
# 3.4.3 / 2022-03-07

**Security**

- Bump cmarkgfm to 0.8.0 to resolve CVE-2022-24724. Copied entry from 3.4.2 since 3.4.2 introduced a bug that prevented writing raw HTML.

**General**

- Fix issue where raw HTML would not be rendered in markdown
This commit is contained in:
Kevin Chung
2022-03-07 19:00:52 -05:00
committed by GitHub
parent 7aea1ce347
commit 262d896a0e
5 changed files with 28 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
CHANGELOG.md
View File

@@ -1,3 +1,13 @@
# 3.4.3 / 2022-03-07
**Security**
- Bump cmarkgfm to 0.8.0 to resolve CVE-2022-24724. Copied entry from 3.4.2 since 3.4.2 introduced a bug that prevented writing raw HTML.
**General**
- Fix issue where raw HTML would not be rendered in markdown
# 3.4.2 / 2022-03-07
**Security**

2
CTFd/__init__.py
View File

@@ -29,7 +29,7 @@ from CTFd.utils.migrations import create_database, migrations, stamp_latest_revi
from CTFd.utils.sessions import CachingSessionInterface
from CTFd.utils.updates import update_check
__version__ = "3.4.2"
__version__ = "3.4.3"
__channel__ = "oss"

5
CTFd/utils/__init__.py
View File

@@ -1,6 +1,7 @@
from enum import Enum
import cmarkgfm
from cmarkgfm.cmark import Options
from flask import current_app as app
# isort:imports-firstparty
@@ -14,7 +15,9 @@ binary_type = bytes
def markdown(md):
return cmarkgfm.markdown_to_html_with_extensions(
md, extensions=["autolink", "table", "strikethrough"]
md,
extensions=["autolink", "table", "strikethrough"],
options=Options.CMARK_OPT_UNSAFE,
)

2
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "ctfd",
"version": "3.4.2",
"version": "3.4.3",
"description": "CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it's easy to customize with plugins and themes.",
"main": "index.js",
"directories": {

12
tests/utils/test_markdown.py Normal file
View File

@@ -0,0 +1,12 @@
from CTFd.utils import markdown
def test_markdown():
"""
Test that our markdown function renders properly
"""
# Allow raw HTML / potentially unsafe HTML
assert (
markdown("<iframe src='https://example.com'></iframe>").strip()
== "<iframe src='https://example.com'></iframe>"
)