Files @ ddad3be4dc44

Location: kallithea/scripts/whitespacecleanup.sh

Thomas De Schampheleire
changeset: fix XSS vulnerability in parent-child navigation

The 'Parent Rev.' - 'Child Rev.' links on changesets and in the file browser
normally immediately jump to the correct revision upon click. But, if there
are multiple candidates, e.g. two children of a commit, then a list of
revisions is shown as hyperlinks instead.

These hyperlinks have a 'title' attribute containing the full commit message
of the corresponding commit. When this commit message contains characters
special to HTML, like ", >, etc. they were added literally to the HTML code.

This can lead to a cross-site scripting (XSS) vulnerability when an attacker
has write access to a repository. They could craft a special commit message
that would introduce HTML and/or JavaScript code when the commit is listed
in such 'parent-child' navigation links.

Escape the commit message before using it further.

#!/bin/bash -x

# Enforce some consistency in whitespace - just to avoid spurious whitespace changes

files=`hg mani | egrep -v '/fontello/|/email_templates/|(/lockfiles.py|^LICENSE-MERGELY.html|^docs/Makefile|^scripts/whitespacecleanup.sh|/(graph|mergely|native.history)\.js|/test_dump_html_mails.ref.html|\.png|\.gif|\.ico|\.pot|\.po|\.mo|\.tar\.gz|\.diff)$'`

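# remove carriage returns (CRLF -> LF)
sed -i "s/`printf '\r'`//g" $files
# replace each tab with four spaces
sed -i -e "s,`printf '\t'`,    ,g" $files
# strip trailing spaces
sed -i -e "s,  *$,,g" $files
# put a space before a trailing line-continuation backslash, but none between a triple quote and the backslash: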
sed -i -e 's,\([^ ]\)\\$,\1 \\,g' -e 's,\(["'"'"']["'"'"']["'"'"']\) \\$,\1\\,g' $files
# ensure one trailing newline - remove empty last line and make last line include trailing newline:
sed -i -e '$,${/^$/d}' -e '$a\' $files

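# CSS only: ensure a space before '{'
sed -i -e 's,\([^ /]\){,\1 {,g' `hg loc '*.css'`
# CSS only: on lines not starting with a space or '/', ensure a space after a comma
sed -i -e 's|^\([^ /].*,\)\([^ ]\)|\1 \2|g' `hg loc '*.css'`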

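# clear the executable bit on every tracked file ...
hg mani | xargs chmod -x
# ... then set it again only on non-binary files with a shebang line (templates excluded)
hg loc 'set:!binary()&grep("^#!")&!(**_tmpl.py)&!(**/template**)' | xargs chmod +x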

hg diff
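
The escaping described in the commit message above, as an added Python example that is not Kallithea's code: it builds a revision link with a `title` attribute from a commit message, once literally and once escaped, and parses both results to show what ends up in the markup. The function names, URL and commit message are constructed for illustration.

```python
# Added illustration; names and sample data are hypothetical, not Kallithea's code.
from html import escape
from html.parser import HTMLParser


def link_unescaped(url, short_id, message):
    """'Before' form: the commit message is placed in title="" literally."""
    return '<a href="%s" title="%s">%s</a>' % (url, message, short_id)


def link_escaped(url, short_id, message):
    """Hardened form: escape every value; quotes matter in attribute context."""
    return '<a href="%s" title="%s">%s</a>' % (
        escape(url, quote=True), escape(message, quote=True), escape(short_id))


class _Collector(HTMLParser):
    """Records each start tag and its attributes as an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_tags(markup):
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def is_single_plain_link(markup):
    """True if markup parses to exactly one <a> carrying only href and title."""
    tags = parsed_tags(markup)
    return len(tags) == 1 and tags[0][0] == "a" and set(tags[0][1]) == {"href", "title"}


# Constructed commit message containing characters special to HTML (" and >).
SAMPLE_MESSAGE = 'tidy up"><b data-injected="1">'
SAMPLE_URL = "/repo/changeset/0123456789ab"  # constructed path

if __name__ == "__main__":
    for render in (link_unescaped, link_escaped):
        out = render(SAMPLE_URL, "0123456789ab", SAMPLE_MESSAGE)
        print(render.__name__, is_single_plain_link(out), parsed_tags(out))
```

A check like `is_single_plain_link` can serve as a regression test for templates that place repository-controlled text into attributes.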