diff --git a/lib/helpers/parse_link_destination.js b/lib/helpers/parse_link_destination.js
index 14ff19a4..738b91b5 100644
--- a/lib/helpers/parse_link_destination.js
+++ b/lib/helpers/parse_link_destination.js
@@ -49,7 +49,8 @@ export default function parseLinkDestination(state, pos) {
 if (code === 0x20) { break; }
- if (code > 0x08 && code < 0x0e) { break; }
+ // ascii control chars
+ if (code < 0x20 || code === 0x7F) { break; }
 if (code === 0x5C /* \ */ && pos + 1 < max) {
 pos += 2;
diff --git a/test/fixtures/remarkable/xss.txt b/test/fixtures/remarkable/xss.txt
index 6fc22e04..016fc531 100644
--- a/test/fixtures/remarkable/xss.txt
+++ b/test/fixtures/remarkable/xss.txt
@@ -77,3 +77,12 @@ javascript:alert(1)
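Review bot: The new control-character guard is skipped for any character that follows a backslash, because the escape branch just below it (`if (code === 0x5C /* \ */ && pos + 1 < max) { pos += 2;`) advances past the next code unit without testing it. If the intent is that no C0 control or DEL ever ends up inside a link destination, apply the same `< 0x20 || === 0x7F` test to the code unit at `pos + 1` before the `pos += 2`; whether an escaped control character can still reach the URL scheme check depends on the unescape step, which is outside this hunk. The comment `// ascii control chars` could also record the reason, e.g. `// stop at C0 controls and DEL: browsers ignore some of them when parsing a URL, so they must not reach the scheme filter`. The loop and the rest of parseLinkDestination start and end outside the hunk, so what a `break` on the very first character returns is not visible here.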
javascript:alert(1)
javascript:alert(1)
.
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+src line: 82
+
+.
+[ASCII control characters XSS](javascript:alert(1))
+.
+[ASCII control characters XSS](javascript:alert(1))
+.
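Review bot: Only one case covers the new guard, although the condition in parse_link_destination.js has two arms (`code < 0x20` and `code === 0x7F`) and the old code already stopped at 0x09–0x0D. Whichever control character the added link embeds (it does not survive in this rendering), separate cases for a C0 character outside the old range and for DEL (0x7F) would pin both arms against regression. If the added case only places the character at the start of the destination, one with it in the middle of the scheme would cover the other position the parser loop sees. The expected output shown here appears to leave the link as literal text, which is the right assertion for each of those cases.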