fix: sanitize image src in ForumState HTML output#270
Conversation
Escape image URL attributes and add URL scheme validation in _render_post_image() and the reply image block in to_html() to prevent potential HTML injection via unsanitized src values.
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
|
@googlebot I have signed the CLA. |
1 similar comment
|
@googlebot I have signed the CLA. |
|
@google-deepmind/concordia-team Hi, I have signed the Google CLA at |
|
Hi team, I have a valid Google Individual CLA signed on May 3, 2026 |
Escape image URL attributes and add URL scheme validation
in _render_post_image() and the reply image block in to_html()
to prevent potential HTML injection via unsanitized src values.
Changes: