fix: Properly escape HTML for error message from CLI SSO #5563
Signed-off-by: jannfis <jann@mistrust.net>
Codecov Report

@@           Coverage Diff           @@
##           master    #5563   +/-   ##
=======================================
  Coverage   40.86%   40.86%
=======================================
  Files         144      144
  Lines       19205    19205
=======================================
  Hits         7849     7849
  Misses      10260    10260
  Partials     1096     1096

Continue to review full report at Codecov.
LGTM. Thank you!
@alexmt FYI, I have cherry-picked this into the 1.7 and 1.8 branches.
Signed-off-by: jannfis <jann@mistrust.net>
Fixes https://github.com/argoproj/argo-cd/security/code-scanning/46
While I believe this is not a serious issue in the real world, and at least would require a rogue SSO backend for successful exploitation, it should be fixed.
Note on DCO:
If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.
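The class of bug this PR fixes is provider-supplied text being interpolated into an HTML response without escaping. The following is an added illustration, not code from argo-cd or from this PR: a stand-in SSO callback handler that renders an error string from the identity provider, shown first the unsafe way (raw interpolation) and then escaped with html.EscapeString and with html/template's contextual auto-escaping. The handler path `/auth/callback`, the function names and the sample error string (which carries harmless markup to make the difference visible) are constructed for the example.

```go
package main

import (
	"fmt"
	"html"
	"html/template"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Constructed sample: an error string as a rogue or misconfigured SSO
// provider might return it to the CLI login callback. It carries HTML
// markup; a well-behaved provider would send plain text.
const sampleSSOError = `access_denied: <b>see admin</b>`

// renderErrorUnsafe mirrors the pre-fix pattern: the provider-supplied text
// is concatenated into the page verbatim, so any markup it contains is
// rendered by the browser.
func renderErrorUnsafe(errMsg string) string {
	return fmt.Sprintf("<html><body><h1>Login failed</h1><p>%s</p></body></html>", errMsg)
}

// renderErrorEscaped applies html.EscapeString before interpolation, so the
// browser shows the text literally instead of interpreting it as markup.
func renderErrorEscaped(errMsg string) string {
	return fmt.Sprintf("<html><body><h1>Login failed</h1><p>%s</p></body></html>", html.EscapeString(errMsg))
}

// errorPage is the html/template alternative: every {{.}} substitution is
// escaped for the HTML context it lands in, so the escaping cannot be
// forgotten at the call site.
var errorPage = template.Must(template.New("err").Parse(
	`<html><body><h1>Login failed</h1><p>{{.}}</p></body></html>`))

func renderErrorTemplate(errMsg string) (string, error) {
	var sb strings.Builder
	if err := errorPage.Execute(&sb, errMsg); err != nil {
		return "", err
	}
	return sb.String(), nil
}

// callbackHandler is a minimal stand-in (hypothetical, not argo-cd's) for an
// SSO callback endpoint: it takes the provider's "error" query parameter and
// renders it with escaping applied.
func callbackHandler(w http.ResponseWriter, r *http.Request) {
	if e := r.URL.Query().Get("error"); e != "" {
		w.Header().Set("Content-Type", "text/html; charset=utf-8")
		w.WriteHeader(http.StatusBadRequest)
		fmt.Fprint(w, renderErrorEscaped(e))
		return
	}
	fmt.Fprint(w, "ok")
}

// containsRawMarkup reports whether the rendered body still contains the
// provider's <b> tag unescaped, i.e. whether the markup survived rendering.
func containsRawMarkup(body string) bool {
	return strings.Contains(body, "<b>")
}

func main() {
	fmt.Println("unsafe  :", renderErrorUnsafe(sampleSSOError))
	fmt.Println("escaped :", renderErrorEscaped(sampleSSOError))

	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet,
		"/auth/callback?error="+url.QueryEscape(sampleSSOError), nil)
	callbackHandler(rec, req)
	fmt.Println("handler :", rec.Code, "raw markup present:", containsRawMarkup(rec.Body.String()))
}
```

Of the two fixed forms, html/template is the more robust default for a page served to a browser: it escapes according to where the value lands (text, attribute, URL, script), whereas html.EscapeString is only correct for HTML text and attribute contexts and relies on every caller remembering to use it.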