changeset 7546:391fde4cbf12
base: escape branch/tag/bookmark names in 'Switch To' menu to prevent XSS
On repository pages, the 'Switch To' did not escape branches correctly.
This means that if an attacker is able to push a branch/tag/bookmark
containing HTML/JavaScript in its name, then that code would be evaluated.
This is a cross-site scripting (XSS) vulnerability.
Fix the problem by correctly escaping the branch/tag/bookmarks with
.html_escape().
| author | Mads Kiilerich <mads@kiilerich.com> |
|---|---|
| date | Wed, 27 Feb 2019 02:30:18 +0100 |
| parents | 109b068ba6e5 |
| children | a8d873e9cab0 |
| files | kallithea/templates/base/base.html |
| diffstat | 1 files changed, 2 insertions(+), 2 deletions(-) |
--- a/kallithea/templates/base/base.html Mon Feb 11 21:36:55 2019 +0100 +++ b/kallithea/templates/base/base.html Wed Feb 27 02:30:18 2019 +0100 @@ -194,10 +194,10 @@ dropdownAutoWidth: true, sortResults: prefixFirstSort, formatResult: function(obj) { - return obj.text; + return obj.text.html_escape(); }, formatSelection: function(obj) { - return obj.text; + return obj.text.html_escape(); }, formatNoMatches: function(term) { return ${h.jshtml(_('No matches found'))};
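Review bot: the fix relies on `html_escape` being a method on the string returned in `obj.text`, but its definition is not part of this hunk, so please confirm it is installed on `String.prototype` by a script that is guaranteed to load before this template's inline script, and that `obj.text` is always a string here (a missing method or a non-string value would throw inside `formatResult`/`formatSelection` and leave the menu unusable). Note also why the escaping has to live in JavaScript: the neighbouring `formatNoMatches` is safe because its string is rendered server-side through `${h.jshtml(...)}`, whereas these two callbacks format branch/tag/bookmark names supplied to the widget at runtime, which the server-side helper never sees. A one-line code comment stating that `obj.text` is untrusted user input (ref names) would stop a future refactor from reverting to `return obj.text;`.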