kallithea Files · docs/theme/nature/static/pygments.css

Files @ a8d873e9cab0

Branch filter:

Location: kallithea/docs/theme/nature/static/pygments.css - annotation

a8d873e9cab0 2.7 KiB text/css Show Source Show as Raw Download as Raw

Thomas De Schampheleire

compare: prevent XSS due to unescaped branch/tag/bookmark names

In the revision selection dropdown of the 'Compare' functionality, the
branch/tag/bookmark names were not correctly escaped.

This means that if an attacker is able to push a branch/tag/bookmark
containing HTML/JavaScript in its name, then that code would be evaluated.
This is a cross-site scripting (XSS) vulnerability.

Fix the problem by correctly escaping the branch/tag/bookmarks.

5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
5f481e4e888b
f0384b9ed5b9

.c { color: #999988; font-style: italic } /* Comment */
.k { font-weight: bold } /* Keyword */
.o { font-weight: bold } /* Operator */
.cm { color: #999988; font-style: italic } /* Comment.Multiline */
.cp { color: #999999; font-weight: bold } /* Comment.preproc */
.c1 { color: #999988; font-style: italic } /* Comment.Single */
.gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
.ge { font-style: italic } /* Generic.Emph */
.gr { color: #aa0000 } /* Generic.Error */
.gh { color: #999999 } /* Generic.Heading */
.gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
.go { color: #111 } /* Generic.Output */
.gp { color: #555555 } /* Generic.Prompt */
.gs { font-weight: bold } /* Generic.Strong */
.gu { color: #aaaaaa } /* Generic.Subheading */
.gt { color: #aa0000 } /* Generic.Traceback */
.kc { font-weight: bold } /* Keyword.Constant */
.kd { font-weight: bold } /* Keyword.Declaration */
.kp { font-weight: bold } /* Keyword.Pseudo */
.kr { font-weight: bold } /* Keyword.Reserved */
.kt { color: #445588; font-weight: bold } /* Keyword.Type */
.m { color: #009999 } /* Literal.Number */
.s { color: #bb8844 } /* Literal.String */
.na { color: #008080 } /* Name.Attribute */
.nb { color: #999999 } /* Name.Builtin */
.nc { color: #445588; font-weight: bold } /* Name.Class */
.no { color: #ff99ff } /* Name.Constant */
.ni { color: #800080 } /* Name.Entity */
.ne { color: #990000; font-weight: bold } /* Name.Exception */
.nf { color: #990000; font-weight: bold } /* Name.Function */
.nn { color: #555555 } /* Name.Namespace */
.nt { color: #000080 } /* Name.Tag */
.nv { color: purple } /* Name.Variable */
.ow { font-weight: bold } /* Operator.Word */
.mf { color: #009999 } /* Literal.Number.Float */
.mh { color: #009999 } /* Literal.Number.Hex */
.mi { color: #009999 } /* Literal.Number.Integer */
.mo { color: #009999 } /* Literal.Number.Oct */
.sb { color: #bb8844 } /* Literal.String.Backtick */
.sc { color: #bb8844 } /* Literal.String.Char */
.sd { color: #bb8844 } /* Literal.String.Doc */
.s2 { color: #bb8844 } /* Literal.String.Double */
.se { color: #bb8844 } /* Literal.String.Escape */
.sh { color: #bb8844 } /* Literal.String.Heredoc */
.si { color: #bb8844 } /* Literal.String.Interpol */
.sx { color: #bb8844 } /* Literal.String.Other */
.sr { color: #808000 } /* Literal.String.Regex */
.s1 { color: #bb8844 } /* Literal.String.Single */
.ss { color: #bb8844 } /* Literal.String.Symbol */
.bp { color: #999999 } /* Name.Builtin.Pseudo */
.vc { color: #ff99ff } /* Name.Variable.Class */
.vg { color: #ff99ff } /* Name.Variable.Global */
.vi { color: #ff99ff } /* Name.Variable.Instance */
.il { color: #009999 } /* Literal.Number.Integer.Long */