Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
b82aba0e
Commit
b82aba0e
authored
Nov 09, 2018
by
Brett Walker
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Sanitize output of SpacedLinkFilter
parent
624ec622
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
25 additions
and
2 deletions
+25
-2
app/models/concerns/cache_markdown_field.rb
app/models/concerns/cache_markdown_field.rb
+1
-1
changelogs/unreleased/security-xss-in-markdown-following-unrecognized-html-element.yml
...y-xss-in-markdown-following-unrecognized-html-element.yml
+5
-0
lib/banzai/filter/spaced_link_filter.rb
lib/banzai/filter/spaced_link_filter.rb
+3
-0
lib/banzai/pipeline/gfm_pipeline.rb
lib/banzai/pipeline/gfm_pipeline.rb
+4
-1
spec/lib/banzai/pipeline/gfm_pipeline_spec.rb
spec/lib/banzai/pipeline/gfm_pipeline_spec.rb
+12
-0
No files found.
app/models/concerns/cache_markdown_field.rb
View file @
b82aba0e
...
...
@@ -15,7 +15,7 @@ module CacheMarkdownField
# Increment this number every time the renderer changes its output
CACHE_REDCARPET_VERSION
=
3
CACHE_COMMONMARK_VERSION_START
=
10
CACHE_COMMONMARK_VERSION
=
1
1
CACHE_COMMONMARK_VERSION
=
1
2
# changes to these attributes cause the cache to be invalidates
INVALIDATED_BY
=
%w[author project]
.
freeze
...
...
changelogs/unreleased/security-xss-in-markdown-following-unrecognized-html-element.yml
0 → 100644
View file @
b82aba0e
---
title
:
Fix possible XSS attack in Markdown urls with spaces
merge_request
:
2599
author
:
type
:
security
lib/banzai/filter/spaced_link_filter.rb
View file @
b82aba0e
...
...
@@ -17,6 +17,9 @@ module Banzai
# This is a small extension to the CommonMark spec. If they start allowing
# spaces in urls, we could then remove this filter.
#
# Note: Filter::SanitizationFilter should always be run sometime after this filter
# to prevent XSS attacks
#
class
SpacedLinkFilter
<
HTML
::
Pipeline
::
Filter
include
ActionView
::
Helpers
::
TagHelper
...
...
lib/banzai/pipeline/gfm_pipeline.rb
View file @
b82aba0e
...
...
@@ -12,13 +12,16 @@ module Banzai
def
self
.
filters
@filters
||=
FilterArray
[
Filter
::
PlantumlFilter
,
# Must always be before the SanitizationFilter to prevent XSS attacks
Filter
::
SpacedLinkFilter
,
Filter
::
SanitizationFilter
,
Filter
::
SyntaxHighlightFilter
,
Filter
::
MathFilter
,
Filter
::
ColorFilter
,
Filter
::
MermaidFilter
,
Filter
::
SpacedLinkFilter
,
Filter
::
VideoLinkFilter
,
Filter
::
ImageLazyLoadFilter
,
Filter
::
ImageLinkFilter
,
...
...
spec/lib/banzai/pipeline/gfm_pipeline_spec.rb
View file @
b82aba0e
...
...
@@ -104,5 +104,17 @@ describe Banzai::Pipeline::GfmPipeline do
expect
(
output
).
to
include
(
"src=
\"
test%20image.png
\"
"
)
end
it
'sanitizes the fixed link'
do
markdown_xss
=
"[xss](javascript: alert%28document.domain%29)"
output
=
described_class
.
to_html
(
markdown_xss
,
project:
project
)
expect
(
output
).
not_to
include
(
"javascript"
)
markdown_xss
=
"<invalidtag>
\n
[xss](javascript:alert%28document.domain%29)"
output
=
described_class
.
to_html
(
markdown_xss
,
project:
project
)
expect
(
output
).
not_to
include
(
"javascript"
)
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment