Fix XSS in resolve conflicts form
The issue arose when the branch name contained Vue template JavaScript. The fix is to use `v-pre` which disables Vue compilation in a template.
This commit is contained in:
parent
f944971b0b
commit
e6e9c10ee1
|
@ -6,7 +6,7 @@
|
|||
.form-group.row
|
||||
.col-md-4
|
||||
%h4= _('Resolve conflicts on source branch')
|
||||
.resolve-info
|
||||
.resolve-info{ "v-pre": true }
|
||||
= translation.html_safe
|
||||
.col-md-8
|
||||
%label.label-bold{ "for" => "commit-message" }
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Fix XSS in resolve conflicts form
|
||||
merge_request:
|
||||
author:
|
||||
type: security
|
|
@ -164,6 +164,21 @@ describe 'Merge request > User resolves conflicts', :js do
|
|||
expect(page).to have_content('Gregor Samsa woke from troubled dreams')
|
||||
end
|
||||
end
|
||||
|
||||
context "with malicious branch name" do
|
||||
let(:bad_branch_name) { "malicious-branch-{{toString.constructor('alert(/xss/)')()}}" }
|
||||
let(:branch) { project.repository.create_branch(bad_branch_name, 'conflict-resolvable') }
|
||||
let(:merge_request) { create_merge_request(branch.name) }
|
||||
|
||||
before do
|
||||
visit project_merge_request_path(project, merge_request)
|
||||
click_link('conflicts', href: %r{/conflicts\Z})
|
||||
end
|
||||
|
||||
it "renders bad name without xss issues" do
|
||||
expect(find('.resolve-conflicts-form .resolve-info')).to have_content(bad_branch_name)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
UNRESOLVABLE_CONFLICTS = {
|
||||
|
|
Loading…
Reference in New Issue