aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2012-11-20 10:37:27 -0800
committerJunio C Hamano <gitster@pobox.com>2012-11-20 10:37:27 -0800
commit79a09bba1cc919f5ea0992db358fb4b14ab2c226 (patch)
tree40b89ba60b8c8210030eb64e519f0abd1a8ce739
parent05849c4818342a0e0ecb597fd2452125b00d543e (diff)
parent0f0ecf68b31303de7cb428554e27d433fe62180e (diff)
downloadgit-79a09bba1cc919f5ea0992db358fb4b14ab2c226.tar.gz
git-79a09bba1cc919f5ea0992db358fb4b14ab2c226.tar.xz
Merge branch 'jk/maint-gitweb-xss'
Fixes an XSS vulnerability in gitweb. * jk/maint-gitweb-xss: gitweb: escape html in rss title
-rwxr-xr-xgitweb/gitweb.perl1
-rwxr-xr-xt/t9502-gitweb-standalone-parse-output.sh15
2 files changed, 16 insertions, 0 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index ce8cb4af1..e8812fa2b 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -8054,6 +8054,7 @@ sub git_feed {
$feed_type = 'history';
}
$title .= " $feed_type";
+ $title = esc_html($title);
my $descr = git_get_project_description($project);
if (defined $descr) {
$descr = esc_html($descr);
diff --git a/t/t9502-gitweb-standalone-parse-output.sh b/t/t9502-gitweb-standalone-parse-output.sh
index 731e64c3a..3a8e7d3f5 100755
--- a/t/t9502-gitweb-standalone-parse-output.sh
+++ b/t/t9502-gitweb-standalone-parse-output.sh
@@ -185,5 +185,20 @@ test_expect_success 'forks: project_index lists all projects (incl. forks)' '
test_cmp expected actual
'
+xss() {
+ echo >&2 "Checking $1..." &&
+ gitweb_run "$1" &&
+ if grep "$TAG" gitweb.body; then
+ echo >&2 "xss: $TAG should have been quoted in output"
+ return 1
+ fi
+ return 0
+}
+
+test_expect_success 'xss checks' '
+ TAG="<magic-xss-tag>" &&
+ xss "a=rss&p=$TAG" &&
+ xss "a=rss&p=foo.git&f=$TAG"
+'
test_done