Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix potential XSS vulnerability #307

Merged
merged 1 commit into from Aug 10, 2018
Merged

Conversation

@bryanforbes
Copy link
Member

@bryanforbes bryanforbes commented Jul 31, 2018

  • Escape text coming from URL that is used in the page
  • Prevent remote scripts being executed
  • Remove remote URLs from unit test file

Since this is in a DOH test that isn't used anymore nor run automatically, the threat is minimal.

@bryanforbes bryanforbes requested a review from dylans Jul 31, 2018
@dylans
dylans approved these changes Jul 31, 2018
@dylans
dylans approved these changes Aug 6, 2018
@dylans dylans added this to the 1.14.0 milestone Aug 6, 2018
* Escape text coming from URL that is used in the page
* Comment out the contents of unit.html
* Prevent remote scripts being executed
* Remove remote URLs from unit test file
@bryanforbes bryanforbes force-pushed the bryanforbes:fix-code-execution branch from 361cf05 to f224253 Aug 10, 2018
@bryanforbes bryanforbes merged commit 9117ffd into dojo:master Aug 10, 2018
1 check passed
1 check passed
licence/cla Contributor License Agreement is signed.
Details
bryanforbes added a commit that referenced this pull request Aug 10, 2018
* Escape text coming from URL that is used in the page
* Comment out the contents of unit.html
* Prevent remote scripts being executed
* Remove remote URLs from unit test file

(cherry picked from commit 9117ffd)
bryanforbes added a commit that referenced this pull request Aug 10, 2018
* Escape text coming from URL that is used in the page
* Comment out the contents of unit.html
* Prevent remote scripts being executed
* Remove remote URLs from unit test file

(cherry picked from commit 9117ffd)
bryanforbes added a commit that referenced this pull request Aug 10, 2018
* Escape text coming from URL that is used in the page
* Comment out the contents of unit.html
* Prevent remote scripts being executed
* Remove remote URLs from unit test file

(cherry picked from commit 9117ffd)
bryanforbes added a commit that referenced this pull request Aug 10, 2018
* Escape text coming from URL that is used in the page
* Comment out the contents of unit.html
* Prevent remote scripts being executed
* Remove remote URLs from unit test file

(cherry picked from commit 9117ffd)
bryanforbes added a commit that referenced this pull request Aug 10, 2018
* Escape text coming from URL that is used in the page
* Comment out the contents of unit.html
* Prevent remote scripts being executed
* Remove remote URLs from unit test file

(cherry picked from commit 9117ffd)
bryanforbes added a commit that referenced this pull request Aug 10, 2018
* Escape text coming from URL that is used in the page
* Comment out the contents of unit.html
* Prevent remote scripts being executed
* Remove remote URLs from unit test file

(cherry picked from commit 9117ffd)
@bryanforbes
Copy link
Member Author

@bryanforbes bryanforbes commented Aug 10, 2018

Backported as 33eb767 (1.13), 2e27f9a (1.12), c15b3e7 (1.11), 48cb00f (1.10), 9e4b725 (1.9), and 595ea4e (1.8)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
You can’t perform that action at this time.