Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cross-Site Scripting Warning in app/views/webui/user/show.html.erb #1218

Closed
hennevogel opened this issue Oct 12, 2015 · 2 comments
Closed

Cross-Site Scripting Warning in app/views/webui/user/show.html.erb #1218

hennevogel opened this issue Oct 12, 2015 · 2 comments
Assignees
@ChrisBr
Labels
Bug Frontend Things related to the OBS RoR app P1 EVERYONE drop everything and fix this NOW

Comments

@hennevogel
Copy link
Member

Security issue from Hakiri: Unescaped model attribute in app/views/webui/user/show.html.erb
@hennevogel hennevogel added Bug Frontend Things related to the OBS RoR app P1 EVERYONE drop everything and fix this NOW labels Oct 12, 2015
@bgeuken bgeuken self-assigned this Oct 12, 2015
@bgeuken
Copy link
Member

bgeuken commented Oct 12, 2015

The data used here are take from the DB. Users can't manipulate them.

@bgeuken bgeuken closed this as completed Oct 12, 2015
@bgeuken bgeuken assigned ChrisBr and unassigned bgeuken Oct 12, 2015
@hennevogel
Copy link
Member Author

p[1] is title which is not input checked...

@hennevogel hennevogel reopened this Oct 12, 2015
@ChrisBr ChrisBr assigned ChrisBr and unassigned ChrisBr Oct 12, 2015
ChrisBr added a commit to ChrisBr/open-build-service that referenced this issue Oct 12, 2015
@ChrisBr
[webui] Fix possible XSS attack on project title
725e4a6 
Project.title can contain html / js tags which will be rendered.
Close openSUSE#1218
ChrisBr added a commit to ChrisBr/open-build-service that referenced this issue Oct 12, 2015
@ChrisBr
[webui] Fix possible XSS attack on project title
b44ac49 
Project.title can contain html / js tags which will be rendered.
Close openSUSE#1218
@ChrisBr ChrisBr mentioned this issue Oct 12, 2015
Merged
ChrisBr added a commit to ChrisBr/open-build-service that referenced this issue Oct 12, 2015
@ChrisBr
[webui] Fix possible XSS attack on project title
9cc635b 
Project.title can contain html / js tags which will be rendered.
Close openSUSE#1218
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ChrisBr ChrisBr

Labels
Bug Frontend Things related to the OBS RoR app P1 EVERYONE drop everything and fix this NOW
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hennevogel @bgeuken @ChrisBr