Commit b6e8aca9 authored by Robert Speicher

Remove XSS vulnerability in Label and Milestone dropdowns

parent 70ada081
...@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date. ...@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.6.7 v 8.6.7
- Fix persistent XSS vulnerability in `commit_person_link` helper - Fix persistent XSS vulnerability in `commit_person_link` helper
- Fix persistent XSS vulnerability in Label and Milestone dropdowns
- Fix vulnerability that made it possible to enumerate private projects belonging to group - Fix vulnerability that made it possible to enumerate private projects belonging to group
v 8.6.6 v 8.6.6
......
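Review bot: the new CHANGELOG entry sits under v 8.6.7 next to the other persistent XSS fix, which is the right place, but the file header says this file is only current on master; since this is a security fix landing on a stable branch, make sure the same line is also added on master so the release notes for later versions do not lose it.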
...@@ -126,7 +126,7 @@ class @LabelsSelect ...@@ -126,7 +126,7 @@ class @LabelsSelect
"<li> "<li>
<a href='#' class='#{selected}'> <a href='#' class='#{selected}'>
#{color} #{color}
#{label.title} #{_.escape(label.title)}
</a> </a>
</li>" </li>"
filterable: true filterable: true
......
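Review bot: only `#{label.title}` is wrapped in `_.escape` here, while `#{color}` and `#{selected}` on the adjacent lines are still interpolated straight into the HTML string; confirm that both of those values are generated server-side from validated data (for example a colour swatch built from a checked hex value) rather than from anything a user can type, or escape them the same way. `_.escape` encodes `&`, `<`, `>`, `"`, `'` and `` ` ``, so it is sufficient for text content and for quoted attribute values, but it will not protect an unquoted attribute.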
...@@ -53,7 +53,7 @@ class @MilestoneSelect ...@@ -53,7 +53,7 @@ class @MilestoneSelect
defaultLabel defaultLabel
fieldName: $dropdown.data('field-name') fieldName: $dropdown.data('field-name')
text: (milestone) -> text: (milestone) ->
milestone.title _.escape(milestone.title)
id: (milestone) -> id: (milestone) ->
if !useId if !useId
milestone.name milestone.name
......
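Review bot: `text: (milestone) -> _.escape(milestone.title)` is only correct if the dropdown inserts the `text` callback's return value as HTML; if the widget sets it as a text node instead, titles containing `&` or `<` will now render double-encoded (`&amp;`, `&lt;`). Please check which path the dropdown takes and add a short comment above `text:` stating that the value is rendered as HTML, so a later change does not silently drop the escaping. The `id:` callback below still returns the raw `milestone.name`; verify that value only ever lands in a form field value and not in markup.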