Commit 2f7b71df authored by Phil Hughes's avatar Phil Hughes Committed by Mayra Cabrera

Merge branch '10-7-security_issue_42029' into 'security-10-7'

Sanitize user name to avoid XSS attacks

See merge request gitlab/gitlabhq!2373
parent 9cf4e473
import $ from 'jquery';
import _ from 'underscore';
function isValidProjectId(id) {
return id > 0;
......@@ -43,7 +44,7 @@ class SidebarMoveIssue {
renderRow: project => `
<li>
<a href="#" class="js-move-issue-dropdown-item">
${project.name_with_namespace}
${_.escape(project.name_with_namespace)}
</a>
</li>
`,
......
---
title: Sanitizes user name to avoid XSS attacks
merge_request:
author:
type: security
......@@ -138,7 +138,7 @@ const RESPONSE_MAP = {
},
{
id: 20,
name_with_namespace: 'foo / bar',
name_with_namespace: '<img src=x onerror=alert(document.domain)> foo / bar',
},
],
},
......
......@@ -69,6 +69,15 @@ describe('SidebarMoveIssue', function () {
expect($.fn.glDropdown).toHaveBeenCalled();
});
it('escapes html from project name', (done) => {
this.$toggleButton.dropdown('toggle');
setTimeout(() => {
expect(this.$content.find('.js-move-issue-dropdown-item')[1].innerHTML.trim()).toEqual('&lt;img src=x onerror=alert(document.domain)&gt; foo / bar');
done();
});
});
});
describe('onConfirmClicked', () => {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment