GitLab not affected by Redcarpet XSS vulnerability

← Back to company

Two days ago, Daniel LeCheminant released a blog post describing a potential cross-site scripting vulnerability in the Redcarpet Markdown library. GitLab is not affected by this vulnerability.

Background

The vulnerability affects applications that send the HTML that is output by the Redcarpet Markdown library directly to the user's browser. GitLab takes the output through an extra step of HTML sanitization, which strips out potentially dangerous code, like onclick attributes that can execute JavaScript.

Please contact us at support at gitlab.com if you have any questions about this issue.

GitLab not affected by Redcarpet XSS vulnerability via @DouweM Click to tweet!

Try all GitLab features - free for 30 days

GitLab is more than just source code management or CI/CD. It is a full software development lifecycle & DevOps tool in a single application.

Try GitLab for Free

Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license

View page source — Edit in Web IDE — please contribute.

GitLab not affected by Redcarpet XSS vulnerability

Background

More Posts Like This:

Write once, deploy anywhere: Containerized applications on modern serverless platforms

At GitLab Commit, our product roadmap, new partners, and a new milestone

Salani kakuhle (bye!) and thanks for a great summit in Cape Town!

Try all GitLab features - free for 30 days