Merge pull request #333 from scouttyg/kandan-330-xss

Fixed XSS vulnerability by sanitizing fields when adding via Javascript
kandanapp · Apr 17, 2014 · 7ac2180 · 7ac2180
2 parents 3b0e13d + 5c9c84f
commit 7ac2180
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/app/assets/javascripts/backbone/plugins/user_list.js.coffee b/app/assets/javascripts/backbone/plugins/user_list.js.coffee
@@ -7,7 +7,7 @@ class Kandan.Plugins.UserList
   @template: _.template '''
     <li class="user" title="<%= name %>">
       <img class="avatar" src="<%= avatarUrl %>"/>
-      <%= name %><% if(admin){ %> <span class="badge badge-important">Admin</span><% } %>
+      <%- name %><% if(admin){ %> <span class="badge badge-important">Admin</span><% } %>
     </li>
   '''
 

diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
@@ -11,7 +11,7 @@
   <%= yield :head %>
   <%- if user_signed_in? %>
     <%= javascript_tag do %>
-      $.data(document, "current-user", <%= current_user_data.to_json.html_safe %>);
+      $.data(document, "current-user", <%= sanitize(current_user_data.to_json.html_safe) %>);
     <% end %>
   <%- end %>
 </head>