changeset 7546:391fde4cbf12

base: escape branch/tag/bookmark names in 'Switch To' menu to prevent XSS

On repository pages, the 'Switch To' did not escape branches correctly. This means that if an attacker is able to push a branch/tag/bookmark containing HTML/JavaScript in its name, then that code would be evaluated. This is a cross-site scripting (XSS) vulnerability. Fix the problem by correctly escaping the branch/tag/bookmarks with .html_escape().
author Mads Kiilerich <mads@kiilerich.com>
date Wed, 27 Feb 2019 02:30:18 +0100
parents 109b068ba6e5
children a8d873e9cab0
files kallithea/templates/base/base.html
diffstat 1 files changed, 2 insertions(+), 2 deletions(-)
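The commit message above explains the defect: a Select2-style formatter returned the raw branch name, and the widget inserted that string as HTML. The following is an added example, not Kallithea's code; `htmlEscape` is a stand-in for the `String.prototype.html_escape()` helper the patch calls (an assumption about its behaviour), `formatResultUnescaped`/`formatResultEscaped` mirror the before/after shape of the hunk, and `SAMPLE_BRANCH` is a constructed name containing markup so the two outputs can be compared.

```javascript
// Added example (not Kallithea's own code). Minimal HTML escaper standing in
// for the String.prototype.html_escape() used by the patch: covers the five
// characters that matter in text and attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function htmlEscape(s) {
  return String(s).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Shape of the formatter before the fix: the raw name is returned and the
// widget treats the return value as HTML, so markup in a name is rendered.
function formatResultUnescaped(obj) {
  return obj.text;
}

// Shape of the formatter after the fix: the name is escaped first, so any
// markup in it is displayed literally instead of being interpreted.
function formatResultEscaped(obj) {
  return htmlEscape(obj.text);
}

// Constructed sample: a ref name that carries an HTML tag (harmless <b>).
const SAMPLE_BRANCH = { id: 'feature/<b>bold</b>', text: 'feature/<b>bold</b>' };

// Defender-side check usable in a regression test: does the formatter's
// output still contain an unescaped tag?
function containsRawTag(html) {
  return /<[a-zA-Z/][^>]*>/.test(html);
}

// Stand-alone run: compare both formatters on the constructed sample.
function demo() {
  return {
    before: formatResultUnescaped(SAMPLE_BRANCH),
    after: formatResultEscaped(SAMPLE_BRANCH),
    beforeHasTag: containsRawTag(formatResultUnescaped(SAMPLE_BRANCH)),
    afterHasTag: containsRawTag(formatResultEscaped(SAMPLE_BRANCH)),
  };
}

console.log(demo());
```

The `containsRawTag` check is the kind of assertion a unit test for this template could make against a ref named with markup, so the escaping is not silently lost in a later refactor of the formatters.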
--- a/kallithea/templates/base/base.html	Mon Feb 11 21:36:55 2019 +0100
+++ b/kallithea/templates/base/base.html	Wed Feb 27 02:30:18 2019 +0100
@@ -194,10 +194,10 @@
           dropdownAutoWidth: true,
           sortResults: prefixFirstSort,
           formatResult: function(obj) {
-              return obj.text;
+              return obj.text.html_escape();
           },
           formatSelection: function(obj) {
-              return obj.text;
+              return obj.text.html_escape();
           },
           formatNoMatches: function(term) {
               return ${h.jshtml(_('No matches found'))};
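Review bot: both `return obj.text.html_escape();` lines depend on a `String.prototype.html_escape` helper that is not defined in this hunk; the commit should say where that helper lives so a reviewer can confirm it escapes `&`, `<`, `>` and both quote characters, because a partial escaper here would leave the same XSS in place. Since the option names (`formatResult`, `formatSelection`, `formatNoMatches`) suggest a Select2 widget, it is also worth confirming that its `escapeMarkup` option is not applied on top of this, otherwise names containing `&` would now render double-escaped. Finally, a regression test that pushes a ref named with markup and checks the rendered 'Switch To' menu would keep the unescaped version from coming back.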