Impact
A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parse_document. This AST can then be converted to HTML via html::format_document_with_plugins. However, the HTML formatting code assumes that the AST is well-formed. For example, many AST notes contain [u8] fields which the formatting code assumes is valid UTF-8 data. Several bugs can be triggered if this is not the case.
Patches
0.17.0 contains adjustments to the AST, storing strings instead of unvalidated byte arrays.
Workarounds
- Validate UTF-8 correctness of all data when assigning to
&[u8] and Vec<u8> fields in the AST.
References
n/a
Impact
A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with
parse_document. This AST can then be converted to HTML viahtml::format_document_with_plugins. However, the HTML formatting code assumes that the AST is well-formed. For example, many AST notes contain[u8]fields which the formatting code assumes is valid UTF-8 data. Several bugs can be triggered if this is not the case.Patches
0.17.0 contains adjustments to the AST, storing strings instead of unvalidated byte arrays.
Workarounds
&[u8]andVec<u8>fields in the AST.References
n/a