4 changes: 2 additions & 2 deletions gcp/website/frontend_emulator.py
Expand Up @@ -90,9 +90,9 @@ def _dict_to_vuln(data: object,
if not vuln_id:
return None

vulnerability = vulnerability_pb2.Vulnerability()
try:
json_format.ParseDict(data, vulnerability, ignore_unknown_fields=True)
vulnerability = sources.parse_vulnerability_from_dict(
data, strict=False)
except Exception as error:
print(f'[emulator] Failed to convert entry in {path}: {error}')
return None
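Review bot: The replacement call drops `ignore_unknown_fields=True`, and whether `parse_vulnerability_from_dict(..., strict=False)` still tolerates unknown keys (or only logs schema errors instead of raising) is decided by code outside this hunk, so emulator fixtures with extra fields may now be silently dropped with nothing more than the broad `except Exception` print to explain why. Since the except already catches everything, report it through the logging module rather than `print` so the traceback is kept and the emulator's error output is not interleaved with normal stdout, e.g. `logging.exception('[emulator] Failed to convert entry in %s', path)`, and record the intended contract next to the call: `# strict=False: schema problems are logged, not fatal, for local fixtures`. `_dict_to_vuln` begins outside the hunk.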
4 changes: 4 additions & 0 deletions gcp/website/frontend_handlers.py
Expand Up @@ -834,6 +834,9 @@ def sort_versions(versions: list[str], ecosystem: str) -> list[str]:
# with
# <a href="https://chromium.googlesource.com/v8/v8.git/+/refs/heads/beta">
_URL_MARKDOWN_REPLACER = re.compile(r'(<a href=\".*?)(/ /)(.*?\">)')
_ANCHOR_TAG_REPLACER = re.compile(
r'<a\s+[^>]*name=["\'][^"\']*["\'][^>]*>\s*</a>|<a\s+[^>]*name=["\'][^"\']*["\'][^>]*/>',
re.IGNORECASE)


@blueprint.app_template_filter('markdown')
Expand All @@ -852,6 +855,7 @@ def markdown(text):
# space rather than %2B
# See: https://github.com/trentm/python-markdown2/issues/621
md = _URL_MARKDOWN_REPLACER.sub(r'\1/+/\3', md)
md = _ANCHOR_TAG_REPLACER.sub('', md)

return md

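Review bot: `_ANCHOR_TAG_REPLACER` restates, character for character, the regex that this same change adds to `osv/sources.py`; two copies of a markup-stripping pattern will drift independently, so keep one compiled constant (exported from `osv.sources`) and import it here. The pattern also over-matches: `[^>]*name=` accepts any attribute whose name or value happens to end in `name=` followed by a quote (`data-name="x"`, `href="…?name='q'"`), so an empty link carrying such an attribute is dropped too; `(?<![\w-])name=` in place of `name=` restricts it to the `name` attribute itself. Because this runs on the already-rendered HTML, a comment such as `# Post-render cleanup of empty <a name=…></a> anchors; not an escaping step` would stop a later reader from treating it as the XSS control — `markdown()` begins outside the hunk, so the renderer call and whatever safe-mode/escaping it applies are not visible here.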
13 changes: 13 additions & 0 deletions osv/sources.py
Expand Up @@ -17,6 +17,7 @@
import hashlib
import logging
import os
import re

import jsonschema
import pygit2
Expand Down Expand Up @@ -162,9 +163,21 @@ def _get_nested_vulnerability(data, key_path=None):
return data


def _sanitize_anchor_tags(text):
if not text or not isinstance(text, str):
return text
pattern = r'<a\s+[^>]*name=["\'][^"\']*["\'][^>]*>\s*</a>|<a\s+[^>]*name=["\'][^"\']*["\'][^>]*/>'
return re.sub(pattern, '', text, flags=re.IGNORECASE)


def parse_vulnerability_from_dict(data, key_path=None, strict=False):
"""Parse vulnerability from dict."""
data = _get_nested_vulnerability(data, key_path)

# Sanitize anchor tags from details field if present
if isinstance(data, dict) and 'details' in data and data['details']:
data['details'] = _sanitize_anchor_tags(data['details'])

try:
jsonschema.validate(data, load_schema())
except jsonschema.exceptions.ValidationError as e:
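Review bot: The regex inside `_sanitize_anchor_tags` is a second copy of the pattern added to `gcp/website/frontend_handlers.py` in this change and is re-fed to `re.sub` on every call; compile it once as a module-level constant and have the frontend import that constant so there is a single definition to maintain. The helper's name and the "Sanitize anchor tags" comment read as a security sanitizer, but the pattern only removes empty `<a name=…></a>` / `<a name=… />` anchors — it is a rendering cleanup, and the docstring should say so plainly so nobody later relies on it to neutralise markup in untrusted advisory text; the escaping the markdown renderer applies, which is not visible here, remains the actual control. `data['details'] = …` also mutates the caller's dict before validation, which is surprising for a parse function; rebinding a shallow copy keeps the input untouched. The remainder of `parse_vulnerability_from_dict` continues outside the hunk.
```python
# Matches only empty named anchors (`<a name="x"></a>`, `<a name="x"/>`) that
# some upstream advisories embed in `details`. This is a rendering cleanup,
# NOT an HTML sanitizer: do not rely on it to neutralise untrusted markup.
_ANCHOR_TAG_RE = re.compile(
    r'<a\s+[^>]*(?<![\w-])name=["\'][^"\']*["\'][^>]*>\s*</a>'
    r'|<a\s+[^>]*(?<![\w-])name=["\'][^"\']*["\'][^>]*/>',
    re.IGNORECASE)


def _sanitize_anchor_tags(text):
  """Remove empty `<a name=...></a>` anchors from a details string.

  Non-str or empty inputs are returned unchanged. Only the empty anchors
  matched by _ANCHOR_TAG_RE are removed; no other markup is touched.
  """
  if not text or not isinstance(text, str):
    return text
  return _ANCHOR_TAG_RE.sub('', text)


def parse_vulnerability_from_dict(data, key_path=None, strict=False):
  """Parse vulnerability from dict."""
  data = _get_nested_vulnerability(data, key_path)

  # Strip empty named anchors from `details` without mutating the caller's
  # dict (cosmetic cleanup only; see _ANCHOR_TAG_RE).
  if isinstance(data, dict) and data.get('details'):
    data = {**data, 'details': _sanitize_anchor_tags(data['details'])}

  # … unchanged: jsonschema validation and the rest of the function …
```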