Backport #5570 - Immediate fix to htmlEncode user added text #5575

Merged
merged 2 commits into from
Dec 21, 2018

techknowlogick
Member

There are likely problems remaining with the way that initCommentForm
is creating its elements. I suspect that a malformed avatar url could
be used maliciously.

#5570

There are likely problems remaining with the way that initCommentForm
is creating its elements. I suspect that a malformed avatar url could
be used maliciously.

Signed-off-by: Matti Ranta <matti@mdranta.net>
@techknowlogick techknowlogick added type/bug topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! labels Dec 21, 2018
@techknowlogick techknowlogick added this to the 1.6.2 milestone Dec 21, 2018
@bkcsoft bkcsoft added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Dec 21, 2018
@bkcsoft bkcsoft added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Dec 21, 2018
@techknowlogick techknowlogick merged commit af4626a into go-gitea:release/v1.6 Dec 21, 2018
@techknowlogick techknowlogick deleted the backport-5570 branch December 21, 2018 14:05
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
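
An added example (not code from this pull request or from Gitea) of the defence the description points at: HTML-encoding user-supplied text and validating the avatar URL before building comment markup. The function names, the fallback avatar path and the origin are assumptions made for the illustration.

```javascript
// Added illustration; all names here are hypothetical, not Gitea's code.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text so it is inert in element content and in quoted attributes.
function htmlEncode(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Accept only http(s) URLs (absolute, or relative to our own origin).
// Returns the normalized URL string, or null when the value is rejected.
function safeAvatarUrl(raw, origin) {
  let url;
  try {
    url = new URL(String(raw).trim(), origin);
  } catch (e) {
    return null; // not parseable at all
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return url.href; // parser has percent-encoded quotes and spaces
}

const FALLBACK_AVATAR = '/img/avatar_default.png'; // constructed placeholder

// Build comment markup; every user-controlled value is validated or encoded.
function renderComment({ author, avatar, body }, origin) {
  const src = safeAvatarUrl(avatar, origin) || FALLBACK_AVATAR;
  return '<div class="comment">' +
    '<img class="avatar" src="' + htmlEncode(src) + '">' +
    '<span class="author">' + htmlEncode(author) + '</span>' +
    '<div class="text">' + htmlEncode(body) + '</div>' +
    '</div>';
}

// Constructed sample input: markup in the name, a quote in the avatar value.
const ORIGIN = 'https://gitea.example.test';
const sample = { author: '<b>Mallory</b>', avatar: 'x" data-injected="1', body: 'a & b' };
console.log(renderComment(sample, ORIGIN));
```

Where the page builds elements through the DOM instead of strings, assigning user text with `textContent` and the validated URL with `setAttribute` gives the same guarantee without manual encoding.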