Files
@ b9b719fb4774
Branch filter:
Location: kallithea/.hgignore - annotation
b9b719fb4774
1.1 KiB
text/plain
search: fix XSS vulnerability in search results
The search feature did not correctly escape all arguments when displaying
search matches and linking to the corresponding files.
An attacker that can control the contents of a repository could thus cause
a cross-site scripting (XSS) vulnerability.
Fix the problem by removing the overall h.literal call that is only needed
for the HTML entity » and splitting the link instead.
We take the opportunity to improving the destination of the part before
» which is the path to the repository. Instead of pointing to the
search result, point to the repository itself.
The part after » remains linked to the file containing the search
match.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
The search feature did not correctly escape all arguments when displaying
search matches and linking to the corresponding files.
An attacker that can control the contents of a repository could thus cause
a cross-site scripting (XSS) vulnerability.
Fix the problem by removing the overall h.literal call that is only needed
for the HTML entity » and splitting the link instead.
We take the opportunity to improving the destination of the part before
» which is the path to the repository. Instead of pointing to the
search result, point to the repository itself.
The part after » remains linked to the file containing the search
match.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
a555d8345105 a555d8345105 a555d8345105 3dd89d30cd28 b5c57e2176dc a28bd9cb6549 a28bd9cb6549 7d6c4bd58abd 9885bbacf99c 9885bbacf99c 564e40829f80 564e40829f80 95f1ed68cac1 a555d8345105 9496c047ea4d a555d8345105 a555d8345105 058f63b6c2ff b619d9eef67a 058f63b6c2ff 058f63b6c2ff 596eb21f61d5 27c8836e6356 19a9f02443c8 19a9f02443c8 7ec976c8c198 bf514091b27f 12455b1a1a6f 12455b1a1a6f 12455b1a1a6f 12455b1a1a6f 12455b1a1a6f 585dee5eb4bb cc2c473abc5f 2e7ffb755d4f 2e7ffb755d4f cc2c473abc5f 2b8f69cb7d8c 2b8f69cb7d8c 2b8f69cb7d8c 2b8f69cb7d8c 12455b1a1a6f 8152f9e6a778 277684f23146 92cacbcb5272 24c0d584ba86 03bbd33bc084 324ac367a4da bd39c1f70e35 bfa66e8887d7 42163501d6b5 9358211ee144 | syntax: glob
*.pyc
*.swp
*.sqlite
*.tox
*.egg-info
*.egg
*.mo
.eggs/
tarballcache/
syntax: regexp
^rcextensions
^build
^dist/
^docs/build/
^docs/_build/
^data$
^sql_dumps/
^\.settings$
^\.project$
^\.pydevproject$
^\.coverage$
^kallithea/front-end/node_modules$
^kallithea/front-end/package-lock\.json$
^kallithea/front-end/tmp$
^kallithea/public/codemirror$
^kallithea/public/css/select2-spinner\.gif$
^kallithea/public/css/select2\.png$
^kallithea/public/css/select2x2\.png$
^kallithea/public/css/style\.css$
^kallithea/public/css/style\.css\.map$
^kallithea/public/js/bootstrap\.js$
^kallithea/public/js/dataTables\.bootstrap\.js$
^kallithea/public/js/jquery\.atwho\.min\.js$
^kallithea/public/js/jquery\.caret\.min\.js$
^kallithea/public/js/jquery\.dataTables\.js$
^kallithea/public/js/jquery\.flot\.js$
^kallithea/public/js/jquery\.flot\.selection\.js$
^kallithea/public/js/jquery\.flot\.time\.js$
^kallithea/public/js/jquery\.min\.js$
^kallithea/public/js/select2\.js$
^theme\.less$
^kallithea\.db$
^test\.db$
^Kallithea\.egg-info$
^my\.ini$
^fabfile.py
^\.idea$
^\.cache$
^\.pytest_cache$
/__pycache__$
|