Files @ 391fde4cbf12

Location: kallithea/.hgignore

Mads Kiilerich
base: escape branch/tag/bookmark names in 'Switch To' menu to prevent XSS

On repository pages, the 'Switch To' did not escape branches correctly.

This means that if an attacker is able to push a branch/tag/bookmark
containing HTML/JavaScript in its name, then that code would be evaluated.
This is a cross-site scripting (XSS) vulnerability.

Fix the problem by correctly escaping the branch/tag/bookmarks with
.html_escape().

syntax: glob
*.pyc
*.swp
*.sqlite
*.tox
*.egg-info
*.egg
*.mo
.eggs/
tarballcache/

syntax: regexp
^rcextensions
^build
^dist/
^docs/build/
^docs/_build/
^data$
^sql_dumps/
^\.settings$
^\.project$
^\.pydevproject$
^\.coverage$
^kallithea/front-end/node_modules$
^kallithea/front-end/package-lock\.json$
^kallithea/front-end/tmp$
^kallithea/public/codemirror$
^kallithea/public/css/select2-spinner\.gif$
^kallithea/public/css/select2\.png$
^kallithea/public/css/select2x2\.png$
^kallithea/public/css/style\.css$
^kallithea/public/css/style\.css\.map$
^kallithea/public/js/bootstrap\.js$
^kallithea/public/js/dataTables\.bootstrap\.js$
^kallithea/public/js/jquery\.atwho\.min\.js$
^kallithea/public/js/jquery\.caret\.min\.js$
^kallithea/public/js/jquery\.dataTables\.js$
^kallithea/public/js/jquery\.flot\.js$
^kallithea/public/js/jquery\.flot\.selection\.js$
^kallithea/public/js/jquery\.flot\.time\.js$
^kallithea/public/js/jquery\.min\.js$
^kallithea/public/js/select2\.js$
^theme\.less$
^kallithea\.db$
^test\.db$
^Kallithea\.egg-info$
^my\.ini$
^fabfile.py
^\.idea$
^\.cache$
^\.pytest_cache$
/__pycache__$