Changeset - a8d873e9cab0
[Not reviewed]
default
Thomas De Schampheleire - 7 years ago 2019-02-26 21:27:42
thomas.de_schampheleire@nokia.com
compare: prevent XSS due to unescaped branch/tag/bookmark names

In the revision selection dropdown of the 'Compare' functionality, the
branch/tag/bookmark names were not correctly escaped.

This means that if an attacker is able to push a branch/tag/bookmark
containing HTML/JavaScript in its name, then that code would be evaluated.
This is a cross-site scripting (XSS) vulnerability.

Fix the problem by correctly escaping the branch/tag/bookmarks.
1 file changed with 1 insertion and 1 deletion:
0 comments (0 inline, 0 general)
kallithea/templates/compare/compare_diff.html
@@ -104,13 +104,13 @@ ${self.repo_context_bar('changelog')}
 
    var cache = {};
 

	
 
    function make_revision_dropdown(css_selector, repo_name, ref_name, cache_key) {
 
      $(css_selector).select2({
 
        placeholder: '{0}@{1}'.format(repo_name, ref_name || ${h.jshtml(_('Select changeset'))}),
 
        formatSelection: function(obj){
 
            return '{0}@{1}'.format(repo_name, obj.text);
 
            return '{0}@{1}'.format(repo_name, obj.text).html_escape();
 
        },
 
        dropdownAutoWidth: true,
 
        maxResults: 50,
 
        query: function(query){
 
          var key = cache_key;
 
          var cached = cache[key] ;
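Review bot: the escaping is applied only inside `formatSelection`, while the `placeholder` a few lines above (`'{0}@{1}'.format(repo_name, ref_name || ${h.jshtml(_('Select changeset'))})`) still interpolates `repo_name` and `ref_name` raw; `ref_name` is the same kind of branch/tag/bookmark name the commit message describes, so check whether select2 renders the placeholder as HTML and, if it does, apply `.html_escape()` there too. Also confirm that `html_escape` is a String method provided by the project's own JS helpers and loaded on this template, since it is not a standard JavaScript method and a missing definition would turn the fix into a runtime error rather than an escaped label.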