Commit 0a59ccac authored by Phil Hughes's avatar Phil Hughes

Fixed XSS in branch name in Web IDE

#2691
parent 1fb0fc3a
<script> <script>
import _ from 'underscore';
import { mapActions, mapState, mapGetters } from 'vuex'; import { mapActions, mapState, mapGetters } from 'vuex';
import { sprintf, __ } from '~/locale'; import { sprintf, __ } from '~/locale';
import * as consts from '../../stores/modules/commit/constants'; import * as consts from '../../stores/modules/commit/constants';
...@@ -14,7 +15,7 @@ export default { ...@@ -14,7 +15,7 @@ export default {
commitToCurrentBranchText() { commitToCurrentBranchText() {
return sprintf( return sprintf(
__('Commit to %{branchName} branch'), __('Commit to %{branchName} branch'),
{ branchName: `<strong class="monospace">${this.currentBranchId}</strong>` }, { branchName: `<strong class="monospace">${_.escape(this.currentBranchId)}</strong>` },
false, false,
); );
}, },
......
---
title: Fixed XSS in branch name in Web IDE
merge_request:
author:
type: security
...@@ -46,4 +46,12 @@ describe('IDE commit sidebar actions', () => { ...@@ -46,4 +46,12 @@ describe('IDE commit sidebar actions', () => {
done(); done();
}); });
}); });
describe('commitToCurrentBranchText', () => {
it('escapes current branch', () => {
vm.$store.state.currentBranchId = '<img src="x" />';
expect(vm.commitToCurrentBranchText).not.toContain('<img src="x" />');
});
});
}); });
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment