author | Jan Provaznik <jprovaznik@gitlab.com> | 2019-08-16 11:22:57 +0300 |
---|---|---|
committer | Jan Provaznik <jprovaznik@gitlab.com> | 2019-08-23 12:44:45 +0300 |
commit | b291b813cfb2e6008bf0707a611e4c3104ed1eb0 (patch) | |
tree | 366f6c8f7626f8ca0f743c3acc0a58a9d7d480df /changelogs | |
parent | 4a6d22ba439cb20937669c4aa2046acffb36a60e (diff) |
Re-escape whole HTML content instead of only match
When we un-escape HTML text to find references in it, we should then
re-escape the whole text again, not only found matches.
Because we replace matches with milestone/label links (which contain
HTML tags we don't want to escape again), we re-escape HTML text
with placeholders instead of these links and then replace placeholders
in the escaped text.
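The two strategies the commit message contrasts, as an added example written by the editor and not GitLab's own filter code. The reference syntax (`~name`), the `KNOWN_LABELS` table, the link markup and the sample text node are all assumptions constructed for the demonstration; the point they show is that escaping only the matched reference leaves everything else in the un-escaped text live, whereas swapping matches for placeholders, escaping the whole text and only then inserting the link HTML keeps the surrounding text inert.

```ruby
require 'cgi'
require 'securerandom'

# Assumed reference syntax for this example: "~name" is a label reference.
# Only names in KNOWN_LABELS resolve; anything else stays plain text.
LABEL_PATTERN = /~(?<name>[A-Za-z0-9_-]+)/
KNOWN_LABELS = { 'bug' => 1, 'security' => 2 }.freeze

# Constructed sample: a text node as a Markdown renderer hands it to a
# reference filter, i.e. already HTML-escaped, carrying one valid label
# reference, one unknown reference and an escaped XSS payload.
SAMPLE_TEXT_NODE =
  'Fix ~bug before release: &lt;img src=x onerror=alert(1)&gt; ~nope'

# Link markup (assumed shape) that must not be escaped a second time.
def label_link(name, id)
  %(<a href="/labels/#{id}" class="gl-label" data-label="#{id}">) +
    "#{CGI.escapeHTML(name)}</a>"
end

# BEFORE: un-escape so the pattern can see "~bug", replace matches with
# links, and re-escape only the match text. Text outside a match is
# returned exactly as it was un-escaped, so the payload becomes real HTML.
def replace_labels_escaping_only_match(escaped_html)
  unescaped = CGI.unescapeHTML(escaped_html)
  unescaped.gsub(LABEL_PATTERN) do |match|
    name = Regexp.last_match[:name]
    id = KNOWN_LABELS[name]
    id ? label_link(name, id) : CGI.escapeHTML(match)
  end
end

# AFTER: replace matches with placeholders, re-escape the WHOLE text, then
# substitute the placeholders with the link HTML. The placeholder uses NUL
# bytes plus a per-call nonce so user text cannot forge one; NUL survives
# CGI.escapeHTML untouched.
def replace_labels_escaping_whole_text(escaped_html)
  nonce = SecureRandom.hex(8)
  links = []
  unescaped = CGI.unescapeHTML(escaped_html)

  with_placeholders = unescaped.gsub(LABEL_PATTERN) do |match|
    name = Regexp.last_match[:name]
    id = KNOWN_LABELS[name]
    next match unless id

    links << label_link(name, id)
    "\0#{nonce}#{links.size - 1}\0"
  end

  # Nothing resolved: hand back the original node untouched rather than a
  # round-tripped copy whose entities may have been rewritten.
  return escaped_html if links.empty?

  escaped = CGI.escapeHTML(with_placeholders)
  escaped.gsub(/\0#{nonce}(\d+)\0/) { links[Regexp.last_match(1).to_i] }
end

if __FILE__ == $PROGRAM_NAME
  puts "before: #{replace_labels_escaping_only_match(SAMPLE_TEXT_NODE)}"
  puts "after:  #{replace_labels_escaping_whole_text(SAMPLE_TEXT_NODE)}"
end
```

Running the file prints the "before" output with a live `<img ... onerror=...>` element and the "after" output with the payload still entity-encoded while the `~bug` reference has become a link; the fixed version also returns its input unchanged when no reference resolves, which avoids rewriting entities in nodes the filter has no business touching.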
Diffstat (limited to 'changelogs')
-rw-r--r-- | changelogs/unreleased/security-fix-markdown-xss.yml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-fix-markdown-xss.yml b/changelogs/unreleased/security-fix-markdown-xss.yml new file mode 100644 index 00000000000..7ef19f13fd5 --- /dev/null +++ b/changelogs/unreleased/security-fix-markdown-xss.yml @@ -0,0 +1,5 @@ +--- +title: Make sure HTML text is always escaped when replacing label/milestone references. +merge_request: +author: +type: security |
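Review bot: the `merge_request:` and `author:` fields of the new changelog entry are left empty; if the convention for `type: security` entries is to fill the merge request number in only once the fix is public, fine, otherwise add it before the entry ships so the changelog links back to the change. The title also states only the invariant ("HTML text is always escaped"); since the file name already says `markdown-xss`, consider saying in the title that this concerns label/milestone references in rendered Markdown, for example "Always escape HTML text around label/milestone references in Markdown", so readers scanning the changelog can tell which rendering path was affected.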