Permalink
Browse files

Merge branch 'jk/maint-gitweb-xss'

Fixes an XSS vulnerability in gitweb.

* jk/maint-gitweb-xss:
  gitweb: escape html in rss title
  • Loading branch information...
2 parents 05849c4 + 0f0ecf6 commit 79a09bba1cc919f5ea0992db358fb4b14ab2c226 @gitster gitster committed Nov 20, 2012
Showing with 16 additions and 0 deletions.
  1. +1 −0 gitweb/gitweb.perl
  2. +15 −0 t/t9502-gitweb-standalone-parse-output.sh
View
@@ -8054,6 +8054,7 @@ sub git_feed {
$feed_type = 'history';
}
$title .= " $feed_type";
+ $title = esc_html($title);
my $descr = git_get_project_description($project);
if (defined $descr) {
$descr = esc_html($descr);
@@ -185,5 +185,20 @@ test_expect_success 'forks: project_index lists all projects (incl. forks)' '
test_cmp expected actual
'
+xss() {
+ echo >&2 "Checking $1..." &&
+ gitweb_run "$1" &&
+ if grep "$TAG" gitweb.body; then
+ echo >&2 "xss: $TAG should have been quoted in output"
+ return 1
+ fi
+ return 0
+}
+
+test_expect_success 'xss checks' '
+ TAG="<magic-xss-tag>" &&
+ xss "a=rss&p=$TAG" &&
+ xss "a=rss&p=foo.git&f=$TAG"
+'
test_done

0 comments on commit 79a09bb

Please sign in to comment.