Commit 9d6499a5 authored by Alessio Caiazza's avatar Alessio Caiazza

Merge branch 'security-2682-fix-xss-for-markdown-toc' into 'master'

[master] Fix xss for Markdown elements where [[_TOC_]] is enabled

See merge request gitlab/gitlabhq!2400
parents 70c02bf3 00c68e1b
---
title: Fix XSS vulnerability for table of content generation
merge_request:
author:
type: security
...@@ -92,7 +92,7 @@ module Banzai ...@@ -92,7 +92,7 @@ module Banzai
def text def text
return '' unless node return '' unless node
@text ||= node.text @text ||= EscapeUtils.escape_html(node.text)
end end
private private
......
...@@ -139,5 +139,14 @@ describe Banzai::Filter::TableOfContentsFilter do ...@@ -139,5 +139,14 @@ describe Banzai::Filter::TableOfContentsFilter do
expect(items[5].ancestors).to include(items[4]) expect(items[5].ancestors).to include(items[4])
end end
end end
context 'header text contains escaped content' do
let(:content) { '<img src="x" onerror="alert(42)">' }
let(:results) { result(header(1, content)) }
it 'outputs escaped content' do
expect(doc.inner_html).to include(content)
end
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment