diff options
| author | Junio C Hamano <gitster@pobox.com> | 2012-11-25 18:35:41 -0800 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2012-11-25 18:35:41 -0800 |
| commit | 326922fd20edd1ad4651052f7e22abed89c5dc4e (patch) | |
| tree | 71f9a211d24734ee6ded6085abde4a2fb718d493 | |
| parent | 4db42b38231b350138dd6b9c67af34e028006380 (diff) | |
| parent | 0f0ecf68b31303de7cb428554e27d433fe62180e (diff) | |
| download | git-326922fd20edd1ad4651052f7e22abed89c5dc4e.tar.gz git-326922fd20edd1ad4651052f7e22abed89c5dc4e.tar.xz | |
Merge branch 'jk/maint-gitweb-xss' into maint
Fixes an XSS vulnerability in gitweb.
* jk/maint-gitweb-xss:
gitweb: escape html in rss title
| -rwxr-xr-x | gitweb/gitweb.perl | 1 | ||||
| -rwxr-xr-x | t/t9502-gitweb-standalone-parse-output.sh | 15 |
2 files changed, 16 insertions, 0 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 10ed9e51a..a51a8babe 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -8055,6 +8055,7 @@ sub git_feed { $feed_type = 'history'; } $title .= " $feed_type"; + $title = esc_html($title); my $descr = git_get_project_description($project); if (defined $descr) { $descr = esc_html($descr); diff --git a/t/t9502-gitweb-standalone-parse-output.sh b/t/t9502-gitweb-standalone-parse-output.sh index 731e64c3a..3a8e7d3f5 100755 --- a/t/t9502-gitweb-standalone-parse-output.sh +++ b/t/t9502-gitweb-standalone-parse-output.sh @@ -185,5 +185,20 @@ test_expect_success 'forks: project_index lists all projects (incl. forks)' ' test_cmp expected actual ' +xss() { + echo >&2 "Checking $1..." && + gitweb_run "$1" && + if grep "$TAG" gitweb.body; then + echo >&2 "xss: $TAG should have been quoted in output" + return 1 + fi + return 0 +} + +test_expect_success 'xss checks' ' + TAG="<magic-xss-tag>" && + xss "a=rss&p=$TAG" && + xss "a=rss&p=foo.git&f=$TAG" +' test_done |