authorPhil Hughes <me@iamphill.com>2018-04-18 07:40:33 +0000
committerFilipa Lacerda <filipa@gitlab.com>2018-04-24 11:40:46 +0100
commitda8f9992bed1375323ce9c77a491878d2ff09bce (patch)
treede61b588206a041045f2999d781ab85f4dcf9608
parent7c525863311069923004e6fcd147ce45f8595fa5 (diff)
downloadgitlab-ce-da8f9992bed1375323ce9c77a491878d2ff09bce.tar.gz
Merge branch '10-5-security_issue_42029' into 'security-10-5'
Sanitize user name to avoid XSS attacks See merge request gitlab/gitlabhq!2374
-rw-r--r--app/assets/javascripts/sidebar/lib/sidebar_move_issue.js4
-rw-r--r--changelogs/unreleased/security_issue_42029.yml5
-rw-r--r--spec/javascripts/sidebar/mock_data.js2
-rw-r--r--spec/javascripts/sidebar/sidebar_move_issue_spec.js9
4 files changed, 18 insertions, 2 deletions
diff --git a/app/assets/javascripts/sidebar/lib/sidebar_move_issue.js b/app/assets/javascripts/sidebar/lib/sidebar_move_issue.js
index 977dd83a7ea..1f05d4a77cc 100644
--- a/app/assets/javascripts/sidebar/lib/sidebar_move_issue.js
+++ b/app/assets/javascripts/sidebar/lib/sidebar_move_issue.js
@@ -1,3 +1,5 @@
+import _ from 'underscore';
+
function isValidProjectId(id) {
return id > 0;
}
@@ -41,7 +43,7 @@ class SidebarMoveIssue {
renderRow: project => `
<li>
<a href="#" class="js-move-issue-dropdown-item">
- ${project.name_with_namespace}
+ ${_.escape(project.name_with_namespace)}
</a>
</li>
`,
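Review bot: The new `${_.escape(project.name_with_namespace)}` is the right fix for this text-node context, but nothing in the code records that the field is attacker-controlled, so a later refactor could drop the call or interpolate the same value somewhere else unescaped; add a comment above `renderRow`, e.g. `// name_with_namespace is user-controlled and is interpolated into HTML — keep it escaped`. `_.escape` also neutralises quotes and backticks, so the same call is safe to reuse if the name is ever placed inside an attribute rather than element text. The enclosing `SidebarMoveIssue` class and the dropdown options object begin before this hunk, so any other option that renders this field (a `text`, `selectable` or search callback, if present) is outside view and should be checked for the same raw interpolation.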
diff --git a/changelogs/unreleased/security_issue_42029.yml b/changelogs/unreleased/security_issue_42029.yml
new file mode 100644
index 00000000000..0772e33f930
--- /dev/null
+++ b/changelogs/unreleased/security_issue_42029.yml
@@ -0,0 +1,5 @@
+---
+title: Sanitizes user name to avoid XSS attacks
+merge_request:
+author:
+type: security
diff --git a/spec/javascripts/sidebar/mock_data.js b/spec/javascripts/sidebar/mock_data.js
index d9e84e35f69..19183abf1af 100644
--- a/spec/javascripts/sidebar/mock_data.js
+++ b/spec/javascripts/sidebar/mock_data.js
@@ -130,7 +130,7 @@ const RESPONSE_MAP = {
'name_with_namespace': 'No project',
}, {
'id': 20,
- 'name_with_namespace': 'foo / bar',
+ 'name_with_namespace': '<img src=x onerror=alert(document.domain)> foo / bar',
},
],
},
diff --git a/spec/javascripts/sidebar/sidebar_move_issue_spec.js b/spec/javascripts/sidebar/sidebar_move_issue_spec.js
index 97f762d07a7..136964426f3 100644
--- a/spec/javascripts/sidebar/sidebar_move_issue_spec.js
+++ b/spec/javascripts/sidebar/sidebar_move_issue_spec.js
@@ -68,6 +68,15 @@ describe('SidebarMoveIssue', () => {
expect($.fn.glDropdown).toHaveBeenCalled();
});
+
+ it('escapes html from project name', (done) => {
+ this.$toggleButton.dropdown('toggle');
+
+ setTimeout(() => {
+ expect(this.$content.find('.js-move-issue-dropdown-item')[1].innerHTML.trim()).toEqual('&lt;img src=x onerror=alert(document.domain)&gt; foo / bar');
+ done();
+ });
+ });
});
describe('onConfirmClicked', () => {