| field | value | date |
|---|---|---|
| author | Robert Speicher <rspeicher@gmail.com> | 2016-04-19 15:00:33 -0400 |
| committer | Robert Speicher <rspeicher@gmail.com> | 2016-04-19 15:00:59 -0400 |
| commit | b6e8aca9de7e6f8d76ee101b04fb9c89b2c71923 (patch) | |
| tree | ae1a9d35f05a4c74803c8d8672530d79a706dbe6 | |
| parent | 70ada081ed3dd6ae08b82e589714d28018278a39 (diff) | |
| download | gitlab-ce-b6e8aca9de7e6f8d76ee101b04fb9c89b2c71923.tar.gz | |
Remove XSS vulnerability in Label and Milestone dropdowns
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | CHANGELOG | 1 |
| -rw-r--r-- | app/assets/javascripts/labels_select.js.coffee | 2 |
| -rw-r--r-- | app/assets/javascripts/milestone_select.js.coffee | 2 |

3 files changed, 3 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG index 564b89838c7..f1246ed0d29 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.6.7 - Fix persistent XSS vulnerability in `commit_person_link` helper + - Fix persistent XSS vulnerability in Label and Milestone dropdowns - Fix vulnerability that made it possible to enumerate private projects belonging to group v 8.6.6 diff --git a/app/assets/javascripts/labels_select.js.coffee b/app/assets/javascripts/labels_select.js.coffee index 9d0654083dc..ca449951e1d 100644 --- a/app/assets/javascripts/labels_select.js.coffee +++ b/app/assets/javascripts/labels_select.js.coffee @@ -126,7 +126,7 @@ class @LabelsSelect "<li> <a href='#' class='#{selected}'> #{color} - #{label.title} + #{_.escape(label.title)} </a> </li>" filterable: true diff --git a/app/assets/javascripts/milestone_select.js.coffee b/app/assets/javascripts/milestone_select.js.coffee index 23061be3e28..9e80851e086 100644 --- a/app/assets/javascripts/milestone_select.js.coffee +++ b/app/assets/javascripts/milestone_select.js.coffee @@ -53,7 +53,7 @@ class @MilestoneSelect defaultLabel fieldName: $dropdown.data('field-name') text: (milestone) -> - milestone.title + _.escape(milestone.title) id: (milestone) -> if !useId milestone.name |
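Review bot: In the CHANGELOG hunk, the new v 8.6.7 entry names only "Label and Milestone dropdowns", while the entry directly above it names the exact helper (`commit_person_link`); naming the two affected files (`labels_select.js.coffee`, `milestone_select.js.coffee`) would make the fix as easy to locate for stable-branch maintainers as the previous one.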
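Review bot: In the labels_select.js.coffee hunk, `#{label.title}` is now wrapped in `_.escape`, but the same HTML template also interpolates `#{color}` and `class='#{selected}'` unescaped on the lines just above it; since the whole string is inserted as markup, either confirm those two values are generated by the client (not taken from the label record) or escape them the same way, so the fix does not leave a second interpolation point in the same `<li>`.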
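Review bot: In the milestone_select.js.coffee hunk, the `text:` callback now returns `_.escape(milestone.title)`, which is only correct if the dropdown renders that return value as HTML; if it is inserted as text (for example via a `.text()` call), titles containing `&`, `<` or `"` will display the literal entities (`&amp;`, `&lt;`). Please add a short comment on the `text:` line recording that the consumer treats the value as HTML, or escape at the point of rendering instead, so a later change to the dropdown does not double-encode or silently un-fix this path.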