Commit b74683ee authored by Robert Speicher's avatar Robert Speicher Committed by Lin Jen-Shin

Merge branch 'branch-name-escape' into 'security'

Fix XSS in branches dropdown

See merge request !2093
parent 28b4d18f
......@@ -581,7 +581,7 @@
var link = document.createElement('a');
link.href = url;
link.innerHTML = text;
link.textContent = text;
if (selected) {
link.className = 'is-active';
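Review bot: The neighbouring assignment `link.href = url;` is not touched, so the anchor still accepts whatever `url` holds; if `url` can be derived from item data the way `text` evidently can, a `javascript:`-scheme value would still be honoured there, which is worth confirming before this fix is considered complete. The switch to `textContent` is the right call for `text`, but nothing at the site records why, and a future edit could reintroduce `innerHTML` for a "rich label"; a one-line comment such as `// textContent, not innerHTML: item text may be user-controlled (e.g. branch names)` would document the invariant. The enclosing function starts and ends outside the hunk.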
---
title: Fixed branches dropdown rendering branch names as HTML
merge_request:
author:
......@@ -52,12 +52,8 @@ require('~/lib/utils/url_utility');
search: {
fields: ['name']
},
text: (project) => {
(project.name_with_namespace || project.name);
},
id: (project) => {
project.id;
}
text: project => (project.name_with_namespace || project.name),
id: project => project.id
});
}
......@@ -80,6 +76,18 @@ require('~/lib/utils/url_utility');
expect(this.dropdownContainerElement).toHaveClass('open');
});
it('escapes HTML as text', () => {
this.projectsData[0].name_with_namespace = '<script>alert("testing");</script>';
initDropDown.call(this, false);
this.dropdownButtonElement.click();
expect(
$('.dropdown-content li:first-child').text(),
).toBe('<script>alert("testing");</script>');
});
describe('that is open', () => {
beforeEach(() => {
initDropDown.call(this, false, false);
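Review bot: The new spec asserts only that `.text()` of the first item equals the payload, which does catch the old `innerHTML` behaviour, but it would state the property under test more directly to also assert that nothing was parsed as markup, e.g. `expect($('.dropdown-content script').length).toBe(0);`. The test also writes the payload straight into `this.projectsData[0].name_with_namespace`; if `projectsData` is not rebuilt in a `beforeEach` outside this hunk, that value leaks into the specs that follow, so it may be safer to assign on a copy of the fixture. The earlier hunk in this file (lines 52-59) fixes the `text`/`id` callbacks that returned `undefined` from a block-bodied arrow, which this test depends on, so the two changes belong together. The enclosing `describe` starts outside the hunk.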