Inline footnotes wrapped in <a> tags can cause errors in discourse-footnotes
Description
discourse-footnote is a library providing footnotes for posts in Discourse.
Impact
When posting an inline footnote wrapped in `<a>` tags (e.g. `<a>^[footnote]</a>`), the resulting rendered HTML would include a nested `<a>`, which is stripped by Nokogiri because it is not valid. This then caused a JavaScript error on topic pages because we were looking for an `<a>` element inside the footnote reference span and getting its ID, and because it did not exist we got a null reference error in JavaScript. Users are advised to update to version 0.2. As a workaround, editing offending posts from the Rails console or the database console (for self-hosters), or disabling the plugin in the admin panel, can mitigate this issue.
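The failure mode described above, as an added example that is not the plugin's own code: an unguarded lookup of the anchor inside a footnote reference next to a guarded one, plus a scan of rendered post HTML for references that lost their anchor. The `sup.footnote-ref` markup, the sample HTML and all function names are assumptions made for illustration.

```javascript
// Added illustration. Markup, ids and names are assumed, not taken from the plugin.

// Constructed sample of rendered post HTML: the first reference is intact, the
// second has lost its inner <a> (nested anchor stripped during sanitisation).
const SAMPLE_COOKED = [
  '<p>ok<sup class="footnote-ref"><a href="#fn1" id="fnref1">[1]</a></sup></p>',
  '<p><a>broken<sup class="footnote-ref">[2]</sup></a></p>',
].join("\n");

const REF_RE = /<sup class="footnote-ref">([\s\S]*?)<\/sup>/g;
const ANCHOR_ID_RE = /<a\b[^>]*\bid="([^"]+)"/;

// Turn each reference marker into a minimal element-like object so the
// lookups below run without a browser DOM.
function parseFootnoteRefs(html) {
  return [...html.matchAll(REF_RE)].map((m) => {
    const idMatch = ANCHOR_ID_RE.exec(m[1]);
    return {
      outerHTML: m[0],
      // Mimics Element.querySelector("a"): an element, or null when absent.
      querySelector: (sel) =>
        sel === "a" && idMatch ? { id: idMatch[1] } : null,
    };
  });
}

// The pattern the description blames: reading .id without checking the result.
function anchorIdUnguarded(refEl) {
  return refEl.querySelector("a").id; // TypeError when the <a> was stripped
}

// Guarded lookup: a missing anchor yields null so the caller can skip it.
function anchorIdGuarded(refEl) {
  const anchor = refEl.querySelector("a");
  return anchor ? anchor.id : null;
}

// References with no anchor: candidates for the "edit offending posts" workaround.
function findBrokenRefs(html) {
  return parseFootnoteRefs(html)
    .filter((el) => anchorIdGuarded(el) === null)
    .map((el) => el.outerHTML);
}
```
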
Affected products
- (no CPE) range: <0.2
- (no CPE) range: < 0.2
References
- github.com/discourse/discourse-footnote/commit/796617e0131277011207541313522cd1946661ab (mitre, x_refsource_MISC)
- github.com/discourse/discourse-footnote/security/advisories/GHSA-58vr-c56v-qr57 (mitre, x_refsource_CONFIRM)