Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

properly escape session and acl data in UI #2456

Merged
merged 2 commits into from
Nov 1, 2016
Merged

properly escape session and acl data in UI #2456

merged 2 commits into from
Nov 1, 2016

Conversation

markupboy
Copy link
Contributor

fixes an XSS vulnerability caused by having the sessionName, sessionMeta, and aclName blindly returning data as Handlebars.SafeStrings

@markupboy
update libv8 gem to something that compiles
599c5ea
@markupboy
properly escape session and acl data in UI
44ab1f5 
fixes an XSS vulnerability caused by having the sessionName, sessionMeta, and aclName blindly returning data as Handlebars.SafeStrings
@slackpad slackpad merged commit c310907 into master Nov 1, 2016
@slackpad slackpad deleted the ui_xss branch November 1, 2016 01:16
slackpad added a commit that referenced this pull request Nov 1, 2016
@slackpad
Builds static assets to pick up #2456.
723f70e
slackpad added a commit that referenced this pull request Nov 2, 2016
@slackpad
Builds static assets to pick up #2456 (redux).
e8caf76 
Built this time using the same container that the dist build uses so
it won't see a difference and fail the build.
johncowen pushed a commit that referenced this pull request May 4, 2018
@markupboy @slackpad
properly escape session and acl data in UI (#2456)
1e179b7 
* update libv8 gem to something that compiles

* properly escape session and acl data in UI

fixes an XSS vulnerability caused by having the sessionName, sessionMeta, and aclName blindly returning data as Handlebars.SafeStrings
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@markupboy @slackpad