Commit 6a5ff493 authored by Yorick Peterse's avatar Yorick Peterse

Merge branch 'security-stored-xss-via-katex' into 'master'

[master] Resolve "[Security] Stored XSS via KaTeX"

Closes #2760

See merge request gitlab/gitlabhq!2718
parents cb3e3835 2dfa614c
---
title: Fixed XSS content in KaTex links
merge_request:
author:
type: security
require 'spec_helper'
describe 'Math rendering', :js do
let!(:project) { create(:project, :public) }
it 'renders inline and display math correctly' do
description = <<~MATH
This math is inline $`a^2+b^2=c^2`$.
......@@ -11,7 +13,6 @@ describe 'Math rendering', :js do
```
MATH
project = create(:project, :public)
issue = create(:issue, project: project, description: description)
visit project_issue_path(project, issue)
......@@ -19,4 +20,19 @@ describe 'Math rendering', :js do
expect(page).to have_selector('.katex .mord.mathdefault', text: 'b')
expect(page).to have_selector('.katex-display .mord.mathdefault', text: 'b')
end
it 'only renders non XSS links' do
description = <<~MATH
This link is valid $`\\href{javascript:alert('xss');}{xss}`$.
This link is valid $`\\href{https://gitlab.com}{Gitlab}`$.
MATH
issue = create(:issue, project: project, description: description)
visit project_issue_path(project, issue)
expect(page).to have_selector('.katex-error', text: "\href{javascript:alert('xss');}{xss}")
expect(page).to have_selector('.katex-html a', text: 'Gitlab')
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment