Merge branch 'fix-comment-reflection' into 'security-9-5'
Fix Live Comment XSS Vulnerability See merge request gitlab/gitlabhq!2183
This commit is contained in:
parent
bc10afb600
commit
941a2d2737
@ -1272,16 +1272,16 @@ export default class Notes {
|
|||
`<li id="${uniqueId}" class="note being-posted fade-in-half timeline-entry">
|
||||
<div class="timeline-entry-inner">
|
||||
<div class="timeline-icon">
|
||||
<a href="/${currentUsername}">
|
||||
<a href="/${_.escape(currentUsername)}">
|
||||
<img class="avatar s40" src="${currentUserAvatar}" />
|
||||
</a>
|
||||
</div>
|
||||
<div class="timeline-content ${discussionClass}">
|
||||
<div class="note-header">
|
||||
<div class="note-header-info">
|
||||
<a href="/${currentUsername}">
|
||||
<span class="hidden-xs">${currentUserFullname}</span>
|
||||
<span class="note-headline-light">@${currentUsername}</span>
|
||||
<a href="/${_.escape(currentUsername)}">
|
||||
<span class="hidden-xs">${_.escape(currentUsername)}</span>
|
||||
<span class="note-headline-light">${_.escape(currentUsername)}</span>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -1295,6 +1295,9 @@ export default class Notes {
|
|||
</li>`
|
||||
);
|
||||
|
||||
$tempNote.find('.hidden-xs').text(_.escape(currentUserFullname));
|
||||
$tempNote.find('.note-headline-light').text(`@${_.escape(currentUsername)}`);
|
||||
|
||||
return $tempNote;
|
||||
}
|
||||
|
||||
|
|
|
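Review bot: The two lines added in the second hunk, `$tempNote.find('.hidden-xs').text(_.escape(currentUserFullname));` and the matching `.note-headline-light` call, double-escape the values: jQuery's `.text()` assigns text content, which is never parsed as HTML, so the `_.escape` inside it makes a display name such as `Foo & Bar` show up on screen as the literal characters `Foo &amp; Bar`. Passing the raw strings — `.text(currentUserFullname)` and `` .text(`@${currentUsername}`) `` — is both correct and safe, and the escaped interpolations left in the template only serve as placeholders until these calls overwrite them. Separately, the first hunk still interpolates `${currentUserAvatar}` raw into the `src` attribute; if that URL can ever be influenced by the user it deserves the same `_.escape` treatment as the username, and `${uniqueId}` and `${discussionClass}` should be confirmed to be generated internally rather than taken from input. The opening of createPlaceholderNote, where these values arrive, lies outside both hunks.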
@ -770,6 +770,20 @@ import '~/notes';
|
|||
expect($tempNote.prop('nodeName')).toEqual('LI');
|
||||
expect($tempNote.find('.timeline-content').hasClass('discussion')).toBeTruthy();
|
||||
});
|
||||
|
||||
it('should return a escaped user name', () => {
|
||||
const currentUserFullnameXSS = 'Foo <script>alert("XSS")</script>';
|
||||
const $tempNote = this.notes.createPlaceholderNote({
|
||||
formContent: sampleComment,
|
||||
uniqueId,
|
||||
isDiscussionNote: false,
|
||||
currentUsername,
|
||||
currentUserFullname: currentUserFullnameXSS,
|
||||
currentUserAvatar,
|
||||
});
|
||||
const $tempNoteHeader = $tempNote.find('.note-header');
|
||||
expect($tempNoteHeader.find('.hidden-xs').text().trim()).toEqual('Foo <script>alert("XSS")</script>');
|
||||
});
|
||||
});
|
||||
|
||||
describe('createPlaceholderSystemNote', () => {
|
||||
|
|
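Review bot: The assertion `expect($tempNoteHeader.find('.hidden-xs').text().trim()).toEqual(...)` cannot detect the defect this commit fixes, because jQuery's `.text()` returns textContent, which reads the same whether the name was inserted as markup or as text, so the test would pass even if a script element had been created inside the span. The expected value also looks inconsistent with the implementation as patched: `.text(_.escape(...))` stores the entity-encoded string, so the getter should return `Foo &lt;script&gt;...` rather than the raw string shown here, unless the page rendering decoded the entities. A structural check proves the point the test is named for, e.g. `expect($tempNote.find('script').length).toEqual(0);` next to `expect($tempNoteHeader.find('.hidden-xs').html()).toContain('&lt;script&gt;');`. Within this hunk there is no parallel case for the `@username` span that the same fix touches; a test passing a `currentUsername` containing `<` would cover it.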