BigW Consortium Gitlab

Skip to content

G
gitlab-ce
Commit 8040e336 by Robert Speicher Committed by Lin Jen-Shin
Options

Merge branch 'branch-name-escape' into 'security'

Fix XSS in branches dropdown See merge request !2093
parent bca874df
Showing with 19 additions and 7 deletions
app/assets/javascripts/gl_dropdown.js
......@@ -584,7 +584,7 @@ GitLabDropdown = (function() {
var link = document.createElement('a');
link.href = url;
link.innerHTML = text;
link.textContent = text;
if (selected) {
link.className = 'is-active';
......
changelogs/unreleased/branch-name-escape.yml 0 → 100644
---
title: Fixed branches dropdown rendering branch names as HTML
merge_request:
author:
spec/javascripts/gl_dropdown_spec.js
......@@ -52,12 +52,8 @@ require('~/lib/utils/url_utility');
search: {
fields: ['name']
},
text: (project) => {
(project.name_with_namespace || project.name);
},
id: (project) => {
project.id;
}
text: project => (project.name_with_namespace || project.name),
id: project => project.id
});
}
......@@ -80,6 +76,18 @@ require('~/lib/utils/url_utility');
expect(this.dropdownContainerElement).toHaveClass('open');
});
it('escapes HTML as text', () => {
this.projectsData[0].name_with_namespace = '<script>alert("testing");</script>';
initDropDown.call(this, false);
this.dropdownButtonElement.click();
expect(
$('.dropdown-content li:first-child').text(),
).toBe('<script>alert("testing");</script>');
});
describe('that is open', () => {
beforeEach(() => {
initDropDown.call(this, false, false);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment