From 50422d1e281281bb36a9da45a3245fa2400600f4 Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay"
Date: Sat, 13 Mar 2021 13:29:57 -0700
Subject: [PATCH] Markdown.pl: better sanitization of href and src attributes
Signed-off-by: Kyle J. McKay
---
 Markdown.pl | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/Markdown.pl b/Markdown.pl
index 54fe26a..53a8f12 100755
--- a/Markdown.pl
+++ b/Markdown.pl
@@ -3712,6 +3712,13 @@ sub _SanitizeAtt {
 return "" if $_[3]->{$att}; # no repeats
 $_[3]->{$att} = 1;
 $impatt{$att} and return $att."=".'"'.$att.'"';
+ (($_[4] eq "a" && $att eq "href") ||
+ ($_[4] eq "img" && $att eq "src")) &&
+ $_[1] =~ /^\s*[\047\042]\s*javascript:/io and do {
+ $_[1] = '"#"';
+ ref($opt{base_prefix}) eq 'CODE' and
+ $_[1] = '"' . escapeXML(&{$opt{base_prefix}}("#")) . '"';
+ };
 if ($lcattval{$att}) {
 return $att."="._SanitizeAttValue(lc($_[1]))." ";
 } else {
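Review bot: The added test in `_SanitizeAtt` is a denylist for a single scheme, matched against the raw attribute text (`/^\s*[\047\042]\s*javascript:/io`). A value that only becomes `javascript:` once the browser decodes character references or drops embedded tab/newline characters, or that uses another script-capable scheme, is therefore not rewritten to `"#"`. Unless `_SanitizeAttValue` or the caller (both outside this hunk, as are the start and end of `_SanitizeAtt`) already normalises the value, it would be safer to decode character references and strip whitespace/control characters first, then accept only an allowlist of schemes (for example `http`, `https`, `mailto`, plus relative references) and replace everything else. The guard also covers only `a`/`href` and `img`/`src`; if the sanitizer passes other URL-valued attributes, they need the same treatment. If the denylist is kept, a comment such as `# blocks only a literal quoted "javascript:" prefix; encoded forms and other schemes are not handled here` would stop readers treating it as complete, and the `/o` flag can be dropped since the pattern interpolates nothing.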