diff options
| author | Phil Hughes <me@iamphill.com> | 2018-04-18 07:40:36 +0000 |
|---|---|---|
| committer | Filipa Lacerda <filipa@gitlab.com> | 2018-04-24 12:28:49 +0100 |
| commit | 598247237a8a3f614203b9c270bc59fb48e8687f (patch) | |
| tree | 3968655e846c5fa838d79b4cc3e37e63734247d2 | |
| parent | 0d49bb867702b2699dcc544cdb2016cf67522bca (diff) | |
| download | gitlab-ce-598247237a8a3f614203b9c270bc59fb48e8687f.tar.gz | |
Merge branch '10-7-security_issue_42029' into 'security-10-7'
Sanitize user name to avoid XSS attacks
See merge request gitlab/gitlabhq!2373
4 files changed, 17 insertions, 2 deletions
diff --git a/app/assets/javascripts/sidebar/lib/sidebar_move_issue.js b/app/assets/javascripts/sidebar/lib/sidebar_move_issue.js index 1eadebc7004..b267422cd97 100644 --- a/app/assets/javascripts/sidebar/lib/sidebar_move_issue.js +++ b/app/assets/javascripts/sidebar/lib/sidebar_move_issue.js @@ -1,4 +1,5 @@ import $ from 'jquery'; +import _ from 'underscore'; function isValidProjectId(id) { return id > 0; @@ -43,7 +44,7 @@ class SidebarMoveIssue { renderRow: project => ` <li> <a href="#" class="js-move-issue-dropdown-item"> - ${project.name_with_namespace} + ${_.escape(project.name_with_namespace)} </a> </li> `, diff --git a/changelogs/unreleased/security_issue_42029.yml b/changelogs/unreleased/security_issue_42029.yml new file mode 100644 index 00000000000..0772e33f930 --- /dev/null +++ b/changelogs/unreleased/security_issue_42029.yml @@ -0,0 +1,5 @@ +--- +title: Sanitizes user name to avoid XSS attacks +merge_request: +author: +type: security diff --git a/spec/javascripts/sidebar/mock_data.js b/spec/javascripts/sidebar/mock_data.js index 8b6e8b24f00..fcd7bea3f6d 100644 --- a/spec/javascripts/sidebar/mock_data.js +++ b/spec/javascripts/sidebar/mock_data.js @@ -138,7 +138,7 @@ const RESPONSE_MAP = { }, { id: 20, - name_with_namespace: 'foo / bar', + name_with_namespace: '<img src=x onerror=alert(document.domain)> foo / bar', }, ], }, diff --git a/spec/javascripts/sidebar/sidebar_move_issue_spec.js b/spec/javascripts/sidebar/sidebar_move_issue_spec.js index d8e636cbdf0..4939119c28b 100644 --- a/spec/javascripts/sidebar/sidebar_move_issue_spec.js +++ b/spec/javascripts/sidebar/sidebar_move_issue_spec.js @@ -69,6 +69,15 @@ describe('SidebarMoveIssue', () => { expect($.fn.glDropdown).toHaveBeenCalled(); }); + + it('escapes html from project name', (done) => { + this.$toggleButton.dropdown('toggle'); + + setTimeout(() => { + expect(this.$content.find('.js-move-issue-dropdown-item')[1].innerHTML.trim()).toEqual('<img src=x onerror=alert(document.domain)> foo / bar'); + done(); + }); + }); }); describe('onConfirmClicked', () => { |