New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix potential XSS vulnerability #307

Merged
merged 1 commit into from Aug 10, 2018

Conversation

Projects
None yet
2 participants
@bryanforbes
Member

bryanforbes commented Jul 31, 2018

  • Escape text coming from URL that is used in the page
  • Prevent remote scripts being executed
  • Remove remote URLs from unit test file

Since this is in a DOH test that isn't used anymore nor run automatically, the threat is minimal.

@bryanforbes bryanforbes requested a review from dylans Jul 31, 2018

@dylans

dylans approved these changes Jul 31, 2018

@dylans

dylans approved these changes Aug 6, 2018

@dylans dylans added this to the 1.14.0 milestone Aug 6, 2018

Fix potential XSS vulnerability
* Escape text coming from URL that is used in the page
* Comment out the contents of unit.html
* Prevent remote scripts being executed
* Remove remote URLs from unit test file

@bryanforbes bryanforbes merged commit 9117ffd into dojo:master Aug 10, 2018

1 check passed

licence/cla Contributor License Agreement is signed.
Details

bryanforbes added a commit that referenced this pull request Aug 10, 2018

Fix potential XSS vulnerability (#307)
* Escape text coming from URL that is used in the page
* Comment out the contents of unit.html
* Prevent remote scripts being executed
* Remove remote URLs from unit test file

(cherry picked from commit 9117ffd)

bryanforbes added a commit that referenced this pull request Aug 10, 2018

Fix potential XSS vulnerability (#307)
* Escape text coming from URL that is used in the page
* Comment out the contents of unit.html
* Prevent remote scripts being executed
* Remove remote URLs from unit test file

(cherry picked from commit 9117ffd)

bryanforbes added a commit that referenced this pull request Aug 10, 2018

Fix potential XSS vulnerability (#307)
* Escape text coming from URL that is used in the page
* Comment out the contents of unit.html
* Prevent remote scripts being executed
* Remove remote URLs from unit test file

(cherry picked from commit 9117ffd)

bryanforbes added a commit that referenced this pull request Aug 10, 2018

Fix potential XSS vulnerability (#307)
* Escape text coming from URL that is used in the page
* Comment out the contents of unit.html
* Prevent remote scripts being executed
* Remove remote URLs from unit test file

(cherry picked from commit 9117ffd)

bryanforbes added a commit that referenced this pull request Aug 10, 2018

Fix potential XSS vulnerability (#307)
* Escape text coming from URL that is used in the page
* Comment out the contents of unit.html
* Prevent remote scripts being executed
* Remove remote URLs from unit test file

(cherry picked from commit 9117ffd)

bryanforbes added a commit that referenced this pull request Aug 10, 2018

Fix potential XSS vulnerability (#307)
* Escape text coming from URL that is used in the page
* Comment out the contents of unit.html
* Prevent remote scripts being executed
* Remove remote URLs from unit test file

(cherry picked from commit 9117ffd)
@bryanforbes

This comment has been minimized.

Show comment
Hide comment
@bryanforbes

bryanforbes Aug 10, 2018

Member

Backported as 33eb767 (1.13), 2e27f9a (1.12), c15b3e7 (1.11), 48cb00f (1.10), 9e4b725 (1.9), and 595ea4e (1.8)

Member

bryanforbes commented Aug 10, 2018

Backported as 33eb767 (1.13), 2e27f9a (1.12), c15b3e7 (1.11), 48cb00f (1.10), 9e4b725 (1.9), and 595ea4e (1.8)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment