changeset 7547:a8d873e9cab0

compare: prevent XSS due to unescaped branch/tag/bookmark names

In the revision selection dropdown of the 'Compare' functionality, the branch/tag/bookmark names were not correctly escaped. This means that if an attacker is able to push a branch/tag/bookmark containing HTML/JavaScript in its name, then that code would be evaluated. This is a cross-site scripting (XSS) vulnerability. Fix the problem by correctly escaping the branch/tag/bookmarks.
author Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
date Tue, 26 Feb 2019 21:27:42 +0100
parents 391fde4cbf12
children e08c2b38ae0d
files kallithea/templates/compare/compare_diff.html
diffstat 1 files changed, 1 insertions(+), 1 deletions(-)
line diff
--- a/kallithea/templates/compare/compare_diff.html	Wed Feb 27 02:30:18 2019 +0100
+++ b/kallithea/templates/compare/compare_diff.html	Tue Feb 26 21:27:42 2019 +0100
@@ -107,7 +107,7 @@
       $(css_selector).select2({
         placeholder: '{0}@{1}'.format(repo_name, ref_name || ${h.jshtml(_('Select changeset'))}),
         formatSelection: function(obj){
-            return '{0}@{1}'.format(repo_name, obj.text);
+            return '{0}@{1}'.format(repo_name, obj.text).html_escape();
         },
         dropdownAutoWidth: true,
         maxResults: 50,
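Review bot: the escaping added on the `+` line covers only `formatSelection`, i.e. the text shown for the currently selected entry, while the commit message describes the vulnerability as being in the revision selection dropdown itself; if this select2 configuration also supplies a `formatResult` callback (not visible in this hunk) for rendering the list entries, it needs the same `.html_escape()` treatment, otherwise a branch/tag/bookmark name containing markup is still injected when the dropdown is opened. Two smaller points: `html_escape()` is a String prototype extension rather than built-in JavaScript, so it is worth confirming in review that the script defining it is loaded on every page that includes this template, and the placeholder on the line above already goes through `h.jshtml`, so escaping the formatter output here is consistent with how the rest of the block handles untrusted text.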