author | Felipe Artur Cardozo <fcardozo@gitlab.com> | 2018-07-24 20:01:19 +0000 |
committer | Felipe Artur <felipefac@gmail.com> | 2018-07-24 17:01:51 -0300 |
commit | ae8a7797367a5e9e97f8b3e6e7d2f25c31bb7064 (patch) | |
tree | 6656e08408b59701e40a8645c7745e807b6b7d5f | |
parent | fb9cc47c5b111ccd15cf1b7b7ab59ce1984a2c71 (diff) | |
Merge branch 'security-ide-branch-name-xss-11-1' into 'security-11-1'
[11.1] Fixed XSS in branch name in Web IDE
See merge request gitlab/gitlabhq!2446
3 files changed, 15 insertions, 1 deletions
diff --git a/app/assets/javascripts/ide/components/commit_sidebar/actions.vue b/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
index eb7cb9745ec..a8b5c7a16d0 100644
--- a/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
+++ b/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
@@ -1,4 +1,5 @@
 <script>
+import _ from 'underscore';
 import { mapActions, mapState, mapGetters } from 'vuex';
 import { sprintf, __ } from '~/locale';
 import * as consts from '../../stores/modules/commit/constants';
@@ -14,7 +15,7 @@ export default {
     commitToCurrentBranchText() {
       return sprintf(
         __('Commit to %{branchName} branch'),
-        { branchName: `<strong class="monospace">${this.currentBranchId}</strong>` },
+        { branchName: `<strong class="monospace">${_.escape(this.currentBranchId)}</strong>` },
         false,
       );
     },
diff --git a/changelogs/unreleased/security-ide-branch-name-xss.yml b/changelogs/unreleased/security-ide-branch-name-xss.yml
new file mode 100644
index 00000000000..51742ffa4e9
--- /dev/null
+++ b/changelogs/unreleased/security-ide-branch-name-xss.yml
@@ -0,0 +1,5 @@
+---
+title: Fixed XSS in branch name in Web IDE
+merge_request:
+author:
+type: security
diff --git a/spec/javascripts/ide/components/commit_sidebar/actions_spec.js b/spec/javascripts/ide/components/commit_sidebar/actions_spec.js
index 27f10caccb1..3a5d6c8a90b 100644
--- a/spec/javascripts/ide/components/commit_sidebar/actions_spec.js
+++ b/spec/javascripts/ide/components/commit_sidebar/actions_spec.js
@@ -46,4 +46,12 @@ describe('IDE commit sidebar actions', () => {
       done();
     });
   });
+
+  describe('commitToCurrentBranchText', () => {
+    it('escapes current branch', () => {
+      vm.$store.state.currentBranchId = '<img src="x" />';
+
+      expect(vm.commitToCurrentBranchText).not.toContain('<img src="x" />');
+    });
+  });
 });
 |
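Review bot: The `false` passed as the third argument of `sprintf` in `commitToCurrentBranchText` is the reason `_.escape` is now required, yet nothing in the code says so; a later maintainer could drop the `_.escape` call or flip that flag and silently reintroduce the same injection. A comment above the `return sprintf(` line would make the contract explicit, e.g. `// sprintf escaping is disabled (3rd arg) so the <strong> markup survives; the branch name is user-controlled and must be escaped here instead.` That the third argument controls sprintf's own escaping is inferred from the call shape, not visible in this hunk, so confirm against `~/locale` before wording the comment. The enclosing `export default` object and its `computed` section begin and end outside the hunk.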
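Review bot: The new spec's `expect(vm.commitToCurrentBranchText).not.toContain('<img src="x" />')` would also pass if the branch name were dropped or otherwise mangled, so it does not pin the behaviour the fix introduces. Asserting the escaped form is the stronger check, e.g. `expect(vm.commitToCurrentBranchText).toContain('&lt;img src=&quot;x&quot; /&gt;');`, since underscore's `_.escape` maps `<`, `>` and `"` to those entities; keeping the existing negative assertion alongside it is fine. The enclosing `describe('IDE commit sidebar actions')` block starts outside the hunk.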