Files @ c9bd000a4567
Branch filter:

Location: kallithea/docs/api/models.rst

c9bd000a4567 632 B text/prs.fallenstein.rst Show Annotation Show as Raw Download as Raw
Mads Kiilerich
templates/summary: escape branch/tag/bookmark names in 'Download as zip' links to prevent XSS

On a repository summary page, in the 'Download' section where you can
download an archive of the repository at a given revision, the branch/tag
names were not correctly escaped.

This means that if an attacker is able to push a branch/tag/bookmark
containing HTML/JavaScript in its name, then that code would be evaluated.
This is a cross-site scripting (XSS) vulnerability.

Fix the problem by correctly escaping the branch/tag/bookmarks.

Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
.. _models:

========================
The :mod:`models` module
========================

.. automodule:: kallithea.model
   :members:

.. automodule:: kallithea.model.comment
   :members:

.. automodule:: kallithea.model.notification
   :members:

.. automodule:: kallithea.model.permission
   :members:

.. automodule:: kallithea.model.repo_permission
   :members:

.. automodule:: kallithea.model.repo
   :members:

.. automodule:: kallithea.model.repo_group
   :members:

.. automodule:: kallithea.model.scm
   :members:

.. automodule:: kallithea.model.user
   :members:

.. automodule:: kallithea.model.user_group
   :members:
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.