Commit 6846b70d authored by Jacob Schatz, committed by Stan Hu

Merge branch 'label-xss-10-3' into 'security-10-3'

[10.3] Fix XSS in issue label dropdown

See merge request gitlab/gitlabhq!2253

(cherry picked from commit 363ffabcebd7bb0d1a2d59ca1a75e4eadb4a4360)

ea1fb0ea Fix XSS in issue label dropdown
parent 72a57525
......@@ -231,7 +231,7 @@ export default class LabelsSelect {
selectedClass.push('label-item');
$a.attr('data-label-id', label.id);
}
$a.addClass(selectedClass.join(' ')).html(colorEl + " " + label.title);
$a.addClass(selectedClass.join(' ')).html(`${colorEl} ${_.escape(label.title)}`);
// Return generated html
return $li.html($a).prop('outerHTML');
},
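Review bot: On the new line, `colorEl` is still interpolated into `.html()` unescaped, so the fix covers only `label.title`; if `colorEl` is assembled from `label.color` earlier in this method (the method starts above the hunk, so that cannot be confirmed here), it needs the same `_.escape` treatment or should be built with a DOM/jQuery call rather than string markup. `_.escape` also presumes `_` is already in scope in this module; the hunk does not show the import, so confirm it is present. A why-comment would help the next maintainer keep the escape in place: `// label.title is user-controlled; it must stay escaped before entering .html()`.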
......
......@@ -8,6 +8,7 @@ feature 'Issue Sidebar' do
let(:issue) { create(:issue, project: project) }
let!(:user) { create(:user)}
let!(:label) { create(:label, project: project, title: 'bug') }
let!(:xss_label) { create(:label, project: project, title: '<script>alert("xss");</script>') }
before do
sign_in(user)
......@@ -99,6 +100,14 @@ feature 'Issue Sidebar' do
restore_window_size
open_issue_sidebar
end
it 'escapes XSS when viewing issue labels' do
page.within('.block.labels') do
find('.edit-link').click
expect(page).to have_content '<script>alert("xss");</script>'
end
end
end
context 'editing issue labels', :js do
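Review bot: The expectation `expect(page).to have_content '<script>alert("xss");</script>'` duplicates the literal from the `let!(:xss_label)` line in the hunk above; asserting `expect(page).to have_content xss_label.title` ties the check to the fixture so the two cannot drift. The check is sound only because `have_content` matches rendered text: an unescaped title would be parsed as a `<script>` element whose body never appears as content, which deserves a one-line comment above the expectation, e.g. `# an unescaped title would be parsed as a <script> element and never appear as text`. The dropdown is rendered client-side, so this example presumably relies on its enclosing context carrying `:js`; that context starts above the hunk and cannot be confirmed here.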
......