Commit b74683ee
authored May 03, 2017 by Robert Speicher
committed by Lin Jen-Shin, May 04, 2017
Merge branch 'branch-name-escape' into 'security'

Fix XSS in branches dropdown

See merge request !2093

parent 28b4d18f
Showing 3 changed files with 19 additions and 7 deletions (+19 / -7)
app/assets/javascripts/gl_dropdown.js (+1 / -1)
changelogs/unreleased/branch-name-escape.yml (+4 / -0)
spec/javascripts/gl_dropdown_spec.js.es6 (+14 / -6)
app/assets/javascripts/gl_dropdown.js
@@ -581,7 +581,7 @@
var
link
=
document
.
createElement
(
'
a
'
);
link
.
href
=
url
;
link
.
innerHTML
=
text
;
link
.
textContent
=
text
;
if
(
selected
)
{
link
.
className
=
'
is-active
'
;
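Review bot: replacing `link.innerHTML = text` with `link.textContent = text` is the right fix for this hunk, since the browser then treats a branch or project name as literal text instead of parsing it as markup; the thing to confirm before merging is that no existing caller relied on passing pre-formatted markup in `text` (for example highlighted search matches), because such callers would now display the raw tags. The line just above, `link.href = url;`, is left untouched and is still a raw assignment from a string; it is outside the scope of this fix, but it is worth checking that `url` is always built from application routes rather than from user-controlled data, so that the dropdown does not keep a second injection path next to the one being closed here.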
changelogs/unreleased/branch-name-escape.yml
0 → 100644
---
title
:
Fixed branches dropdown rendering branch names as HTML
merge_request
:
author
:
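Review bot: the `merge_request:` and `author:` keys in this new changelog entry are left empty; the commit message references merge request !2093, so either fill `merge_request:` in with that number or confirm that leaving it blank is intended because the fix was merged through the security branch rather than the public project. The `title` wording is fine, although it describes the symptom only; mentioning that user-supplied branch names were previously inserted as HTML would make the entry more useful to anyone triaging the release notes.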
spec/javascripts/gl_dropdown_spec.js.es6
@@ -52,12 +52,8 @@ require('~/lib/utils/url_utility');
search: {
fields: ['name']
},
text: (project) => {
(project.name_with_namespace || project.name);
},
id: (project) => {
project.id;
}
text: project => (project.name_with_namespace || project.name),
id: project => project.id
});
}
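Review bot: the old `text` and `id` callbacks in this hunk used a block body without a `return`, so `(project.name_with_namespace || project.name);` and `project.id;` were evaluated and discarded and both callbacks returned `undefined`; the expression-bodied replacements `text: project => (project.name_with_namespace || project.name),` and `id: project => project.id` fix that. This is a genuine test-setup bug rather than a style change, and it is also what makes the new escaping test meaningful, since the rendered item text now actually comes from `name_with_namespace`; a one-line comment saying why the block bodies were removed would save the next reader from reverting it as a cosmetic edit.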
@@ -80,6 +76,18 @@ require('~/lib/utils/url_utility');
expect(this.dropdownContainerElement).toHaveClass('open');
});
it('escapes HTML as text', () => {
this.projectsData[0].name_with_namespace = '<script>alert("testing");</script>';
initDropDown.call(this, false);
this.dropdownButtonElement.click();
expect(
$('.dropdown-content li:first-child').text(),
).toBe('<script>alert("testing");</script>');
});
describe('that is open', () => {
beforeEach(() => {
initDropDown.call(this, false, false);
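Review bot: the new `escapes HTML as text` case does discriminate between the two rendering paths, because with `innerHTML` the `<script>` string would have become a script element and `.text()` would have returned only `alert("testing");`, whereas with `textContent` the full literal string is returned as asserted. Two small points: the test mutates `this.projectsData[0].name_with_namespace` in place, so unless `projectsData` is rebuilt in a `beforeEach` that is not shown in this hunk the change leaks into later cases; and asserting additionally that `.html()` contains the entity-encoded form (`&lt;script&gt;`) would make the intent of the test explicit to future readers. The trailing comma after `$('.dropdown-content li:first-child').text(),` inside the `expect(...)` call is valid in recent ECMAScript but may trip older parsers used by the spec pipeline, so it is worth confirming the test runner accepts it.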