Commit 6d360c21 in gitlab-foss
Authored Aug 23, 2018 by Fatih Acet; committed Sep 11, 2018 by André Luís
Properly sanitize JSON data to fix XSS on Issue details page.
Parent: c56f2b96
Showing 5 changed files with 47 additions and 4 deletions (+47, -4):
- app/assets/javascripts/issue_show/index.js (+4, -3)
- app/assets/javascripts/pages/projects/issues/show.js (+2, -1)
- changelogs/unreleased/security-acet-issue-details.yml (+5, -0)
- spec/features/issues/issue_detail_spec.rb (+17, -0)
- spec/javascripts/issue_show/index_spec.js (+19, -0)
app/assets/javascripts/issue_show/index.js
import
Vue
from
'
vue
'
;
import
sanitize
from
'
sanitize-html
'
;
import
issuableApp
from
'
./components/app.vue
'
;
import
'
../vue_shared/vue_resource_interceptor
'
;
document
.
addEventListener
(
'
DOMContentLoaded
'
,
()
=>
{
export
default
function
initIssueableApp
()
{
const
initialDataEl
=
document
.
getElementById
(
'
js-issuable-app-initial-data
'
);
const
props
=
JSON
.
parse
(
initialDataEl
.
innerHTML
.
replace
(
/"/g
,
'
"
'
));
const
props
=
JSON
.
parse
(
sanitize
(
initialDataEl
.
textContent
)
.
replace
(
/"/g
,
'
"
'
));
return
new
Vue
({
el
:
document
.
getElementById
(
'
js-issuable-app
'
),
...
...
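Review bot: sanitize() is applied to the raw JSON text before JSON.parse, so the sanitize-html allowlist is enforced on every string field of the payload, not just on the description. Any markup the server already rendered but that sanitize-html does not allow by default (img is not in its default allowedTags) is silently dropped from initialDescriptionHtml, and because sanitize-html entity-encodes the text it passes through, field values containing `&`, `<` or `>` come out altered after parse while the following `.replace(...)` only restores double quotes. Consider parsing first and sanitizing only the HTML-bearing fields, and confirm that the replace pattern, which as rendered on this page reads as a no-op (`/"/g` replaced by `'"'`), is the intended entity form.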
@@ -17,4 +18,4 @@ document.addEventListener('DOMContentLoaded', () => {
});
},
});
}
);
}
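Review bot: with the DOMContentLoaded wrapper gone, nothing in this module runs on import any more, so every page that relied on `import '~/issue_show/index'` for its side effect must now call initIssueableApp() explicitly; show.js is updated in this commit, but check for any other importer of the module.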
app/assets/javascripts/pages/projects/issues/show.js
...
...
@@ -3,9 +3,10 @@ import Issue from '~/issue';
import
ShortcutsIssuable
from
'
~/shortcuts_issuable
'
;
import
ZenMode
from
'
~/zen_mode
'
;
import
'
~/notes/index
'
;
import
'
~/issue_show/index
'
;
import
initIssueableApp
from
'
~/issue_show
'
;
export
default
function
()
{
initIssueableApp
();
new
Issue
();
// eslint-disable-line no-new
new
ShortcutsIssuable
();
// eslint-disable-line no-new
new
ZenMode
();
// eslint-disable-line no-new
...
...
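Review bot: the exported function is spelled initIssueableApp while the DOM ids (`js-issuable-app`, `js-issuable-app-initial-data`) and the neighbouring ShortcutsIssuable use "Issuable"; consider renaming to initIssuableApp for consistency before the name spreads to other callers.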
changelogs/unreleased/security-acet-issue-details.yml
0 → 100644
---
title
:
Sanitize JSON data properly to fix XSS on Issue details page
merge_request
:
author
:
type
:
security
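Review bot: `merge_request:` and `author:` are left blank here; confirm that the changelog tooling accepts empty values for these keys rather than requiring them to be omitted.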
spec/features/issues/issue_detail_spec.rb
...
...
@@ -18,6 +18,23 @@ describe 'Issue Detail', :js do
end
end
context
'when issue description has xss snippet'
do
before
do
issue
.
update!
(
description:
'![xss" onload=alert(1);//](a)'
)
sign_in
(
user
)
visit
project_issue_path
(
project
,
issue
)
wait_for_requests
end
it
'should encode the description to prevent xss issues'
do
page
.
within
(
'.issuable-details .detail-page-description'
)
do
expect
(
page
).
to
have_selector
(
'img'
,
count:
1
)
expect
(
find
(
'img'
)[
'onerror'
]).
to
be_nil
expect
(
find
(
'img'
)[
'src'
]).
to
end_with
(
'/a'
)
end
end
end
context
'when edited by a user who is later deleted'
do
before
do
sign_in
(
user
)
...
...
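Review bot: the injected description uses an `onload` handler (`'![xss" onload=alert(1);//](a)'`) but the assertion checks `find('img')['onerror']`, so the spec would pass even if the attribute it injects survived; assert on `onload` (or on both) so the check matches the payload. Minor style point: the `it 'should encode ...'` description can drop the leading "should".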
spec/javascripts/issue_show/index_spec.js
0 → 100644
import
initIssueableApp
from
'
~/issue_show
'
;
describe
(
'
Issue show index
'
,
()
=>
{
describe
(
'
initIssueableApp
'
,
()
=>
{
it
(
'
should initialize app with no potential XSS attack
'
,
()
=>
{
const
d
=
document
.
createElement
(
'
div
'
);
d
.
id
=
'
js-issuable-app-initial-data
'
;
d
.
innerHTML
=
JSON
.
stringify
({
initialDescriptionHtml
:
'
<img src=x onerror=alert(1)>
'
,
});
document
.
body
.
appendChild
(
d
);
const
alertSpy
=
spyOn
(
window
,
'
alert
'
);
initIssueableApp
();
expect
(
alertSpy
).
not
.
toHaveBeenCalled
();
});
});
});
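Review bot: the fixture is assigned through `d.innerHTML`, so the browser parses the `<img src=x onerror=alert(1)>` out of the JSON text into a real element and the div's textContent that initIssueableApp() reads becomes `{"initialDescriptionHtml":""}`; sanitize() is therefore never exercised by this spec, and the parsed img's own onerror handler can still fire asynchronously outside the spy. Set the fixture with `textContent` so the markup stays inside the JSON string, create the `#js-issuable-app` mount element (without it the Vue instance is never mounted and only the parse path is covered), and remove the appended div afterwards so it does not leak into other specs.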