Mercurial > kallithea
view .coveragerc @ 7657:b9b719fb4774 stable
search: fix XSS vulnerability in search results
The search feature did not correctly escape all arguments when displaying
search matches and linking to the corresponding files.
An attacker that can control the contents of a repository could thus cause
a cross-site scripting (XSS) vulnerability.
Fix the problem by removing the overall h.literal call that is only needed
for the HTML entity » and splitting the link instead.
We take the opportunity to improving the destination of the part before
» which is the path to the repository. Instead of pointing to the
search result, point to the repository itself.
The part after » remains linked to the file containing the search
match.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
| author | Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> |
|---|---|
| date | Wed, 24 Apr 2019 20:58:31 +0200 |
| parents | 4b241f198cf2 |
| children | d332fca29474 |
line wrap: on
line source
[run] omit = # the bin scripts are not part of the Kallithea web app kallithea/bin/* # we ship with no active extensions kallithea/config/rcextensions/* # dbmigrate is not a part of the Kallithea web app kallithea/lib/dbmigrate/* # the tests themselves should not be part of the coverage report kallithea/tests/* # the scm hooks are not run in the kallithea process kallithea/config/post_receive_tmpl.py kallithea/config/pre_receive_tmpl.py # same omit lines should be present in sections 'run' and 'report' [report] omit = # the bin scripts are not part of the Kallithea web app kallithea/bin/* # we ship with no active extensions kallithea/config/rcextensions/* # dbmigrate is not a part of the Kallithea web app kallithea/lib/dbmigrate/* # the tests themselves should not be part of the coverage report kallithea/tests/* # the scm hooks are not run in the kallithea process kallithea/config/post_receive_tmpl.py kallithea/config/pre_receive_tmpl.py [paths] source = kallithea/ **/workspace/*/kallithea