Broken HTML generation OP 01/18/2018 (Thu) 17:44:42 Id: 61d67f No. 517
Markdown links containing quoted text or quotes to posts generate invalid HTML. For example:

http://google.com/>507
http://google.com/ class="quoteLink" href="/lynxchan/res/505.html#507">>>507
http://google.com/ class="quoteLink" href="/lynxchan/res/505.html#507">>>>/lynxchan/507

This could have security implications (the resulting HTML looks quite bad), but I cannot find a way to exploit it at first glance. Suggested fix:

diff --git a/src/be/engine/postingOps/common.js b/src/be/engine/postingOps/common.js
--- a/src/be/engine/postingOps/common.js
+++ b/src/be/engine/postingOps/common.js
@@ -471,9 +471,9 @@ exports.replaceMarkdown = function(message, posts, board, replaceCode, cb) {

});

- message = message.replace(/(http|https)\:\/\/\S+/g, function links(match) {
+ message = message.replace(/https?\:\/\/[^\s<>"]+/g, function links(match) {
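Review bot: on the added line, the class [^\s<>"] stops the URL at <, > and " but still admits ', so the output is only well-formed if the links callback (its body is not visible in this hunk) writes the match into a double-quoted href. Suggest adding ' to the excluded set, or HTML-escaping match at the point where the anchor is built, so the result does not depend on the character class alone. The examples in the post show an already generated quoteLink anchor being swallowed by the URL match, which suggests an ordering problem: running the link replacement before quote links are expanded would remove the need to filter markup characters here. Minor style point: the colon in \: does not need escaping.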