doc/install · d230224f7119cf02a9c4bf390d2ff33eaa49240a · Forest Godfrey / gitlab-ce

Disallow the `name` attribute on all user-provided markup · d230224f

authored Aug 09, 2017

A malicious user was able to do something like

    <img src="" name="getElementById">

to override the `document.getElementById` method, which would result in
JavaScript errors being thrown.

See https://gitlab.com/gitlab-org/gitlab-ce/issues/36104

d230224f

Name	Last commit	Last update
..
google_cloud_platform		Loading commit data...
kubernetes		Loading commit data...
README.md		Loading commit data...
database_mysql.md		Loading commit data...
digitaloceandocker.md		Loading commit data...
google-protobuf.md		Loading commit data...
installation.md		Loading commit data...
redis.md		Loading commit data...
relative_url.md		Loading commit data...
requirements.md		Loading commit data...
structure.md		Loading commit data...

README.md