
Merge pull request #1148 from benjaoming/escape-title
Security fix (XSS) - Build HTML elements for notifications safely
benjaoming committed Nov 16, 2021
2 parents 28dcfab + e6dd214 commit f0a042b
Showing 3 changed files with 20 additions and 3 deletions.
9 changes: 9 additions & 0 deletions docs/release_notes.rst
Expand Up @@ -13,6 +13,15 @@ Release plan
* **0.7.x** Removes Django 2.1 support, adds Django 3.1, 3.2


0.7.9
-----

Security fixes
~~~~~~~~~~~~~~

* XSS vulnerability: Unescaped HTML in title propagated to notification (WhiteSource Vulnerability Research Team)


0.7.8
-----

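--- a/src/wiki/__init__.py
+++ b/src/wiki/__init__.py
@@ -17,5 +17,5 @@
 
 default_app_config = "wiki.apps.WikiConfig"
 
-VERSION = (0, 7, 8, "final", 0)
+VERSION = (0, 7, 9, "final", 0)
 __version__ = get_version(VERSION)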
Expand Up @@ -19,11 +19,19 @@ function notify_update() {
n = data.objects[i];
notify_latest_id = n.pk>notify_latest_id ? n.pk:notify_latest_id;
notify_oldest_id = (n.pk<notify_oldest_id || notify_oldest_id==0) ? n.pk:notify_oldest_id;
var element_outer_div = $("<div />");
var element_a = $("<a />", {href: URL_NOTIFY_GOTO + n.pk + "/"});
var element_message_div;
var element_since_div;
if (n.occurrences > 1) {
element = $('<div><a href="'+URL_NOTIFY_GOTO+n.pk+'/"><div>'+n.message+'</div><div class="since">'+n.occurrences_msg+' - ' + n.since + '</div></a></div>')
element_message_div = $("<div />", {text: n.message});
element_since_div = $("<div />", {text: n.occurrences_msg+' - ' + n.since, class: "since"});
} else {
element = $('<div><a href="'+URL_NOTIFY_GOTO+n.pk+'/"><div>'+n.message+'</div><div class="since">'+n.since+'</div></a></div>');
element_message_div = $("<div />", {text: n.message});
element_since_div = $("<div />", {text: n.since, class: "since"});
}
element_a.append(element_message_div).append(element_since_div);
element = element_outer_div.append(element_a);
element.addClass('dropdown-item notification-item');
element.insertAfter('.notification-before-list');
}
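Review bot: `element` on the new side (`element = element_outer_div.append(element_a);`) is still assigned without a declaration, so unless it is declared earlier in notify_update() — the function starts above the hunk — it leaks as an implicit global, as does `n` at the top of the loop; `var element = element_outer_div.append(element_a);` keeps it function-scoped. The line `element_message_div = $("<div />", {text: n.message});` is identical in both branches of the `if (n.occurrences > 1)` and can move above it, leaving only the since-div to differ. The escaping now relies on jQuery routing the `text` property through `.text()`, which is correct for `n.message`, `n.occurrences_msg` and `n.since`; the `href` is still assembled by string concatenation, which is only safe while `n.pk` is the numeric primary key the server emits, so a comment such as `// n.pk is a numeric id; any other value must be encodeURIComponent'd before building the href` would pin that assumption for future readers. Quoting the key as `"class"` in the `{text: ..., class: "since"}` literals would also match jQuery's own documentation and avoid the reserved-word parse error on older engines the rest of the file's `var`-style code seems to target.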
