Merge branch '10-7-security_issue_42029' into 'security-10-7'
Sanitize user name to avoid XSS attacks. See merge request gitlab/gitlabhq!2373
parent
9cf4e47341
commit
2f7b71df76
|
@ -1,4 +1,5 @@
|
|||
import $ from 'jquery';
|
||||
import _ from 'underscore';
|
||||
|
||||
function isValidProjectId(id) {
|
||||
return id > 0;
|
||||
|
@ -43,7 +44,7 @@ class SidebarMoveIssue {
|
|||
renderRow: project => `
|
||||
<li>
|
||||
<a href="#" class="js-move-issue-dropdown-item">
|
||||
${project.name_with_namespace}
|
||||
${_.escape(project.name_with_namespace)}
|
||||
</a>
|
||||
</li>
|
||||
`,
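Review bot: `_.escape(project.name_with_namespace)` is the right primitive for this interpolation, since the value lands in a text position of an HTML template that the dropdown presumably inserts as markup, but nothing at the call site says why the wrapper is there, and a later "cleanup" could drop it; a one-line why-comment above `renderRow` would pin it, e.g. `// name_with_namespace is user-controlled; escape before interpolating into HTML`. The fix covers only this one interpolation — if the dropdown also surfaces project fields through other options (search text, selected-item label), those paths are outside this hunk and would need the same treatment. `renderRow` is a property of an options object inside `SidebarMoveIssue`; the enclosing block starts and ends outside the hunk.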
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Sanitizes user name to avoid XSS attacks
|
||||
merge_request:
|
||||
author:
|
||||
type: security
|
|
@ -138,7 +138,7 @@ const RESPONSE_MAP = {
|
|||
},
|
||||
{
|
||||
id: 20,
|
||||
name_with_namespace: 'foo / bar',
|
||||
name_with_namespace: '<img src=x onerror=alert(document.domain)> foo / bar',
|
||||
},
|
||||
],
|
||||
},
|
||||
|
|
|
@ -69,6 +69,15 @@ describe('SidebarMoveIssue', function () {
|
|||
|
||||
expect($.fn.glDropdown).toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('escapes html from project name', (done) => {
|
||||
this.$toggleButton.dropdown('toggle');
|
||||
|
||||
setTimeout(() => {
|
||||
expect(this.$content.find('.js-move-issue-dropdown-item')[1].innerHTML.trim()).toEqual('<img src=x onerror=alert(document.domain)> foo / bar');
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('onConfirmClicked', () => {
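Review bot: The expected value in the `innerHTML.trim()` assertion is the raw markup `<img src=x onerror=alert(document.domain)> foo / bar`, which is not what `innerHTML` returns once the name is escaped — a text node serializes as `&lt;img src=x onerror=alert(document.domain)&gt; foo / bar` — so either the spec asserts the unescaped form and would fail against the fix, or the page rendering here has decoded the entities of the source file; worth confirming against the actual spec. Asserting on the DOM rather than on a serialization removes the ambiguity: `const item = this.$content.find('.js-move-issue-dropdown-item')[1];`, `expect(item.querySelector('img')).toBeNull();`, `expect(item.textContent.trim()).toEqual('<img src=x onerror=alert(document.domain)> foo / bar');`. The `[1]` index also couples the spec to the fixture ordering in `RESPONSE_MAP`; locating the row by its text would survive a reordering. The enclosing `describe('SidebarMoveIssue')` block starts and ends outside the hunk.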
|
||||
|
|