Commit

Avoid setting window.location directly to avoid exploit of cross site scripting. Thanks to Lokesh (@lokesh1095) for the report and solution. Closes GitLab issue #494.

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
siloraptor committed Aug 16, 2018
1 parent ed76278 commit 9ebe805
Showing 2 changed files with 4 additions and 1 deletion.
3 changes: 3 additions & 0 deletions HISTORY.rst
Expand Up @@ -36,6 +36,9 @@
links' icons.
- Documents app: Hide the title link of documents in the trash.
- Workflow app: Define a redirection after workflow actions are edited.
- Appearance app: avoid setting window.location directly to avoid exploit
of cross site scripting. Thanks to Lokesh (@lokesh1095) for the report
and solution. Closes GitLab issue #494.

3.0.1 (2018-07-08)
=================
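
Review bot: The new HISTORY.rst entry starts its description in lowercase ("Appearance app: avoid setting ...") while the neighbouring entries capitalise the first word ("Hide the title link ...", "Define a redirection ..."), and it repeats "avoid" twice in one sentence. Suggest something like "Appearance app: Stop assigning the URL fragment to window.location directly to prevent cross-site scripting." so the entry matches the list style and is easy to spot as a security fix when scanning the changelog.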
2 changes: 1 addition & 1 deletion mayan/apps/appearance/templates/appearance/base_plain.html
Expand Up @@ -34,7 +34,7 @@
// template.
var currentHash = window.location.hash;
if (currentHash.length) {
window.location = currentHash.substring(1);
window.location.pathname = currentHash.substring(1);
}

function waitForJQuery(func) {
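
Review bot: On the changed line `window.location.pathname = currentHash.substring(1);`, the security reason for assigning to `pathname` is not recorded in the code, so a later cleanup could revert it to `window.location = ...` and reopen the cross-site scripting issue. Please add a comment there stating that the fragment is untrusted input and must never be assigned to `window.location` as a whole URL. Two follow-ups on the same line: the fragment is still used without any validation, and the `pathname` setter percent-encodes `?` and `#`, so if a fragment can ever carry a query string (a constructed example: `#/path/?page=2`) the parameters would end up inside the path. If that case matters, parse the value with `new URL(value, window.location.origin)`, confirm its `origin` equals `window.location.origin`, and navigate to its `pathname + search`.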