Location: kallithea/kallithea/templates/login.html - annotation
603f5f7c323d
pullrequests: prevent XSS in 'Potential Reviewers' list when first and last names cannot be trusted
If a user first or last name contains javascript, these fields need proper
escaping to avoid XSS attacks.
An example scenario is:
- the malicious user creates a repository. This will cause this user to be
listed automatically under 'Potential Reviewers' in pull requests.
- another user creates a pull request on that repository and selects the
suggested reviewer from the 'Potential Reviewers' list.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
Technical note: the other caller of addReviewMember in base.js itself does
_not_ need to be adapted to escape the input values, because the input
values (oData) are _already_ escaped (by the YUI framework).
## -*- coding: utf-8 -*-
## Login page template (Mako). Renders the username/password form inside the
## layout inherited from base/root.html; the form is submitted to the URL built
## for the 'login_home' route.
<%inherit file="base/root.html"/>
## Page title, translated through _().
<%block name="title">
${_('Log In')}
</%block>
<div id="login" class="panel panel-default">
<%include file="/base/flash_msg.html"/>
<!-- login -->
<div class="panel-heading title withlogo">
## The heading includes the site name when c.site_name is set.
## NOTE(review): c.site_name is interpolated into the translated string before
## output, so HTML escaping depends on the default filter applied to ${...}
## expressions - confirm it is enabled in the template lookup configuration.
%if c.site_name:
<h5>${_('Log In to %s') % c.site_name}</h5>
%else:
<h5>${_('Log In')}</h5>
%endif
</div>
<div class="panel-body inner">
## c.came_from is carried in the form action as the came_from URL parameter.
## NOTE(review): by its name this is the post-login return target; the
## controller should accept only local paths for it, otherwise it becomes an
## open redirect - verify against the login controller.
## NOTE(review): h.form is a project helper; whether it emits a CSRF token
## cannot be seen from this template - verify in the helpers module.
${h.form(url('login_home', came_from=c.came_from))}
<div class="form">
<i class="icon-lock"></i>
<!-- fields -->
<div class="form-horizontal">
<div class="form-group">
<label class="control-label col-sm-5" for="username">${_('Username')}:</label>
<div class="input col-sm-7">
${h.text('username',class_='form-control focus large')}
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-5" for="password">${_('Password')}:</label>
<div class="input col-sm-7">
## Only the field name and CSS classes are passed; no value argument is given here.
${h.password('password',class_='form-control focus large')}
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-5 col-sm-7">
<div class="checkbox">
## 'remember' checkbox; how the server changes the session lifetime when it is
## ticked is not visible in this template.
<label for="remember">
<input type="checkbox" id="remember" name="remember"/>
${_('Remember me')}
</label>
</div>
</div>
</div>
</div>
<!-- end fields -->
<!-- links -->
<div class="links">
${h.link_to(_('Forgot your password ?'),h.url('reset_password'))}
## The registration link is rendered only when the HasPermissionAny check for the
## admin / registration permissions passes. This only hides the link;
## NOTE(review): the 'register' route has to enforce the same permission
## server-side - confirm in the controller.
%if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')():
/
${h.link_to(_("Don't have an account ?"),h.url('register'))}
%endif
<span class="buttons">
${h.submit('sign_in',_('Sign In'),class_="btn btn-default")}
</span>
</div>
<!-- end links -->
</div>
${h.end_form()}
## Inline script: moves keyboard focus to the username field once the DOM is
## ready. It uses the global $ (presumably jQuery loaded by the base layout).
## NOTE(review): as an inline script it requires 'unsafe-inline' or a nonce/hash
## if a Content-Security-Policy is applied to this page.
<script type="text/javascript">
$(document).ready(function(){
$('#username').focus();
});
</script>
</div>
<!-- end login -->
</div>