Changeset - 391fde4cbf12
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Mads Kiilerich - 7 years ago 2019-02-27 02:30:18
mads@kiilerich.com
base: escape branch/tag/bookmark names in 'Switch To' menu to prevent XSS

On repository pages, the 'Switch To' did not escape branches correctly.

This means that if an attacker is able to push a branch/tag/bookmark
containing HTML/JavaScript in its name, then that code would be evaluated.
This is a cross-site scripting (XSS) vulnerability.

Fix the problem by correctly escaping the branch/tag/bookmarks with
.html_escape() .
1 file changed with 2 insertions and 2 deletions:
kallithea/templates/base/base.html
2
2
0 comments (0 inline, 0 general)
kallithea/templates/base/base.html
Show inline comments
 
@@ -194,10 +194,10 @@
 
          dropdownAutoWidth: true,
 
          sortResults: prefixFirstSort,
 
          formatResult: function(obj) {
 
              return obj.text;
 
              return obj.text.html_escape();
 
          },
 
          formatSelection: function(obj) {
 
              return obj.text;
 
              return obj.text.html_escape();
 
          },
 
          formatNoMatches: function(term) {
 
              return ${h.jshtml(_('No matches found'))};
0 comments (0 inline, 0 general)
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.