authorFelipe Artur Cardozo <fcardozo@gitlab.com>2018-07-24 22:35:12 +0300
committerFelipe Artur <felipefac@gmail.com>2018-07-24 22:35:25 +0300
commit6a462cd732d9f6980be89877245fd32fde9f9b73 (patch)
tree38acd3e83789a3d1cd5670c77d279b2fbf65eb57
parent7a23c7e78ab0d484ba95268cce82beeac7ab46b9 (diff)
Merge branch 'security-security-11-0-ide-branch-name-xss-11-0' into 'security-11-0'
[11.0] Fixed XSS in branch name in Web IDE See merge request gitlab/gitlabhq!2432
-rw-r--r--app/assets/javascripts/ide/components/commit_sidebar/actions.vue3
-rw-r--r--changelogs/unreleased/security-ide-branch-name-xss.yml5
-rw-r--r--spec/javascripts/ide/components/commit_sidebar/actions_spec.js8
3 files changed, 15 insertions, 1 deletions
diff --git a/app/assets/javascripts/ide/components/commit_sidebar/actions.vue b/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
index b4f3778d946..a82d743fec2 100644
--- a/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
+++ b/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
@@ -1,4 +1,5 @@
<script>
+import _ from 'underscore';
import { mapActions, mapState, mapGetters } from 'vuex';
import { sprintf, __ } from '~/locale';
import * as consts from '../../stores/modules/commit/constants';
@@ -14,7 +15,7 @@ export default {
commitToCurrentBranchText() {
return sprintf(
__('Commit to %{branchName} branch'),
- { branchName: `<strong class="monospace">${this.currentBranchId}</strong>` },
+ { branchName: `<strong class="monospace">${_.escape(this.currentBranchId)}</strong>` },
false,
);
},
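Review bot: The `sprintf` call still passes `false` as its third argument on the line after the changed template, which is what leaves the `<strong class="monospace">` wrapper intact, so the new `_.escape(this.currentBranchId)` is the only thing standing between the branch name and the rendered markup, and nothing in the hunk records that invariant. A short comment above `return sprintf(` would keep a later edit from interpolating a second value into this template without escaping it: `// sprintf escaping is disabled (third arg) so the <strong> markup survives; every interpolated value must be escaped explicitly.` That `false` disables parameter escaping in `~/locale`'s sprintf is inferred from the change itself (the manual escape would otherwise be redundant), so confirm against the helper's signature. The enclosing `export default {` object starts before the hunk.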
diff --git a/changelogs/unreleased/security-ide-branch-name-xss.yml b/changelogs/unreleased/security-ide-branch-name-xss.yml
new file mode 100644
index 00000000000..51742ffa4e9
--- /dev/null
+++ b/changelogs/unreleased/security-ide-branch-name-xss.yml
@@ -0,0 +1,5 @@
+---
+title: Fixed XSS in branch name in Web IDE
+merge_request:
+author:
+type: security
diff --git a/spec/javascripts/ide/components/commit_sidebar/actions_spec.js b/spec/javascripts/ide/components/commit_sidebar/actions_spec.js
index 27f10caccb1..3a5d6c8a90b 100644
--- a/spec/javascripts/ide/components/commit_sidebar/actions_spec.js
+++ b/spec/javascripts/ide/components/commit_sidebar/actions_spec.js
@@ -46,4 +46,12 @@ describe('IDE commit sidebar actions', () => {
done();
});
});
+
+ describe('commitToCurrentBranchText', () => {
+ it('escapes current branch', () => {
+ vm.$store.state.currentBranchId = '<img src="x" />';
+
+ expect(vm.commitToCurrentBranchText).not.toContain('<img src="x" />');
+ });
+ });
});
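Review bot: The new spec only asserts that the raw `<img src="x" />` is absent, which would also pass if the branch name were dropped or truncated altogether; it should pin the escaped output as well, e.g. `expect(vm.commitToCurrentBranchText).toContain('&lt;img src=&quot;x&quot; /&gt;');` (underscore's `_.escape` maps `<`, `>` and `"` to those entities and leaves `/` alone). With both assertions the spec distinguishes "escaped" from "missing", which is the property the fix is meant to guarantee. The `describe('IDE commit sidebar actions')` block and the `vm` setup begin before the hunk.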