Mercurial > kallithea

changeset 7554:04e44ea05c5f stable

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
compare: prevent XSS due to unescaped branch/tag/bookmark names In the revision selection dropdown of the 'Compare' functionality, the branch/tag/bookmark names were not correctly escaped. This means that if an attacker is able to push a branch/tag/bookmark containing HTML/JavaScript in its name, then that code would be evaluated. This is a cross-site scripting (XSS) vulnerability. Fix the problem by correctly escaping the branch/tag/bookmarks.
author Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
date Tue, 26 Feb 2019 21:27:42 +0100
parents c9bd000a4567
children 9376ca7157f3
files kallithea/templates/compare/compare_diff.html
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/kallithea/templates/compare/compare_diff.html	Mon Feb 11 21:36:55 2019 +0100
+++ b/kallithea/templates/compare/compare_diff.html	Tue Feb 26 21:27:42 2019 +0100
@@ -101,7 +101,7 @@
       $(css_selector).select2({
         placeholder: placeholder,
         formatSelection: function(obj){
-            return '{0}@{1}'.format(repo_name, obj.text);
+            return '{0}@{1}'.format(repo_name, obj.text).html_escape();
         },
         dropdownAutoWidth: true,
         query: function(query){