Commit 387799e2 authored by Phil Hughes's avatar Phil Hughes Committed by Mayra Cabrera

Merge branch '10-7-security_issue_42029' into 'security-10-7'

Sanitize user name to avoid XSS attacks

See merge request gitlab/gitlabhq!2373
parent 74989de3
import $ from 'jquery'; import $ from 'jquery';
import _ from 'underscore';
function isValidProjectId(id) { function isValidProjectId(id) {
return id > 0; return id > 0;
...@@ -43,7 +44,7 @@ class SidebarMoveIssue { ...@@ -43,7 +44,7 @@ class SidebarMoveIssue {
renderRow: project => ` renderRow: project => `
<li> <li>
<a href="#" class="js-move-issue-dropdown-item"> <a href="#" class="js-move-issue-dropdown-item">
${project.name_with_namespace} ${_.escape(project.name_with_namespace)}
</a> </a>
</li> </li>
`, `,
......
---
title: Sanitizes user name to avoid XSS attacks
merge_request:
author:
type: security
...@@ -138,7 +138,7 @@ const RESPONSE_MAP = { ...@@ -138,7 +138,7 @@ const RESPONSE_MAP = {
}, },
{ {
id: 20, id: 20,
name_with_namespace: 'foo / bar', name_with_namespace: '<img src=x onerror=alert(document.domain)> foo / bar',
}, },
], ],
}, },
......
...@@ -69,6 +69,15 @@ describe('SidebarMoveIssue', function () { ...@@ -69,6 +69,15 @@ describe('SidebarMoveIssue', function () {
expect($.fn.glDropdown).toHaveBeenCalled(); expect($.fn.glDropdown).toHaveBeenCalled();
}); });
it('escapes html from project name', (done) => {
this.$toggleButton.dropdown('toggle');
setTimeout(() => {
expect(this.$content.find('.js-move-issue-dropdown-item')[1].innerHTML.trim()).toEqual('&lt;img src=x onerror=alert(document.domain)&gt; foo / bar');
done();
});
});
}); });
describe('onConfirmClicked', () => { describe('onConfirmClicked', () => {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment