Changeset - a8d873e9cab0
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Thomas De Schampheleire - 7 years ago 2019-02-26 21:27:42
thomas.de_schampheleire@nokia.com
compare: prevent XSS due to unescaped branch/tag/bookmark names

In the revision selection dropdown of the 'Compare' functionality, the
branch/tag/bookmark names were not correctly escaped.

This means that if an attacker is able to push a branch/tag/bookmark
containing HTML/JavaScript in its name, then that code would be evaluated.
This is a cross-site scripting (XSS) vulnerability.

Fix the problem by correctly escaping the branch/tag/bookmarks.
1 file changed with 1 insertions and 1 deletions:
kallithea/templates/compare/compare_diff.html
1
1
0 comments (0 inline, 0 general)
kallithea/templates/compare/compare_diff.html
Show inline comments
 
@@ -107,7 +107,7 @@ ${self.repo_context_bar('changelog')}
 
      $(css_selector).select2({
 
        placeholder: '{0}@{1}'.format(repo_name, ref_name || ${h.jshtml(_('Select changeset'))}),
 
        formatSelection: function(obj){
 
            return '{0}@{1}'.format(repo_name, obj.text);
 
            return '{0}@{1}'.format(repo_name, obj.text).html_escape();
 
        },
 
        dropdownAutoWidth: true,
 
        maxResults: 50,
0 comments (0 inline, 0 general)
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.