
Fix xss in tooltip, collapse and scrollspy plugins #26630

Merged: 4 commits merged into v4-dev from v4-dev-jo-xss on Jun 1, 2018

Conversation

@Johann-S
Member

commented May 30, 2018

Fixes #26625 / CVE-2018-14040
Fixes #26627 / CVE-2018-14041
Fixes #26628 / CVE-2018-14042

/CC @XhmikosR and @1Jesper1
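Added example, not code from Bootstrap or from this PR. The page only names the affected plugins and the CVE identifiers; the example below models the bug class the title refers to under my own assumption (not stated on this page) that the three issues come from `data-parent`, `data-target` and `container` values reaching jQuery's `$(string)` unvalidated, where a string that looks like markup is parsed as HTML rather than matched as a selector. `jqueryWouldParseAsHtml()` transcribes jQuery 3.x's `init` heuristic (`rquickExpr`) from memory; `resolveTargetVulnerable()`, `resolveTargetHardened()`, `SAFE_SELECTOR`, `audit()` and the sample attribute values are hypothetical and constructed for illustration.

```javascript
// Added example (not Bootstrap's or this PR's code). ASSUMPTION: the XSS class
// modelled here is "attacker-controlled data-* value passed to jQuery's
// $(string)". jqueryWouldParseAsHtml() transcribes jQuery 3.x's init heuristic
// from memory; the resolve*() helpers, SAFE_SELECTOR and audit() are hypothetical.

// jQuery 3.x rquickExpr: group 1 = HTML fragment, group 2 = bare "#id".
const RQUICK_EXPR = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/;

// True when $(str) would take the jQuery.parseHTML() path instead of selector matching.
function jqueryWouldParseAsHtml(str) {
  if (typeof str !== "string") return false;
  // jQuery's fast path: starts with "<", ends with ">", at least "<x>" long.
  if (str.length >= 3 && str[0] === "<" && str[str.length - 1] === ">") return true;
  const match = RQUICK_EXPR.exec(str);
  return Boolean(match && match[1]);
}

// Vulnerable pattern (hypothetical): hand the raw attribute value to $(value).
// If the value is markup, jQuery builds the nodes and inline handlers such as
// onerror= run once those nodes are inserted into the document.
function resolveTargetVulnerable(attrValue) {
  if (jqueryWouldParseAsHtml(attrValue)) {
    return { kind: "html-parsed", markup: attrValue }; // XSS sink
  }
  return { kind: "selector", selector: attrValue };
}

// Hardened pattern (hypothetical): accept only strings that are syntactically a
// CSS selector, then pass them to a selector-only API such as
// $(document).find(sel) or document.querySelector(sel). In a browser the check
// would be document.querySelector(sel) inside try/catch; offline, this
// deliberately conservative grammar stands in for it: type/class/id simple
// selectors joined by descendant, ">", "+" or "~" combinators, nothing else.
const SAFE_SELECTOR = /^[#.]?[A-Za-z_][\w-]*(?:\s*[>+~]?\s*[#.]?[A-Za-z_][\w-]*)*$/;

function resolveTargetHardened(attrValue) {
  if (typeof attrValue !== "string") return null;
  const sel = attrValue.trim();
  if (sel === "" || jqueryWouldParseAsHtml(sel) || !SAFE_SELECTOR.test(sel)) {
    return null; // refuse; never fall through to $(html)
  }
  return { kind: "selector", selector: sel };
}

// Constructed sample of data-* values a page might carry (not taken from the PR).
const SAMPLE_ATTRIBUTE_VALUES = [
  "#accordion",                   // collapse data-parent, benign
  ".navbar-nav > .nav-item",      // scrollspy data-target, benign
  "body",                         // tooltip container, benign
  "<img src=x onerror=alert(1)>", // classic payload, fast path
  "  <svg onload=alert(1)>",      // leading whitespace: regex path still says HTML
  "<b>x</b>trailing",             // does not end with ">", regex path still says HTML
];

// For each value, report how the vulnerable and the hardened resolver treat it.
function audit(values = SAMPLE_ATTRIBUTE_VALUES) {
  return values.map((v) => ({
    value: v,
    vulnerable: resolveTargetVulnerable(v).kind,
    hardened: resolveTargetHardened(v) ? "selector" : "rejected",
  }));
}

for (const row of audit()) {
  console.log(`${row.vulnerable.padEnd(12)} ${row.hardened.padEnd(9)} ${JSON.stringify(row.value)}`);
}
```

The point the audit makes is that the "starts with `<` and ends with `>`" rule is not the whole story: leading whitespace and trailing junk still reach the HTML path through the regular expression, so a denylist on the first character is insufficient and the value must be validated as a selector and handed only to a selector-only API.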

@Johann-S Johann-S added js v4 labels May 30, 2018

@Johann-S Johann-S requested a review from XhmikosR May 30, 2018

@Johann-S Johann-S added this to Inbox in v4.1.2 via automation May 30, 2018

@XhmikosR

Member

commented May 30, 2018

Hmm, it seems we are having some test failures @Johann-S :/

BTW, do we have any other places like these? Would be ideal if we tackled all similar issues now and released a new patch release soon-ish.

@Johann-S

Member Author

commented May 30, 2018

Yep, I'm on it 😉 just a few minutes.

It's a bit hard to identify all the possible XSS at once 😟 we should check all of our options.

@Johann-S Johann-S force-pushed the v4-dev-jo-xss branch from fdf7f2a to 3229efc May 30, 2018

@XhmikosR

Member

commented Jun 1, 2018

@Johann-S: let's get this merged and hopefully people will report if there are any other cases.

@Johann-S Johann-S merged commit cc61edf into v4-dev Jun 1, 2018

4 checks passed

bundlesize: Good job! bundle size < maxSize
continuous-integration/travis-ci/pr: The Travis CI build passed
continuous-integration/travis-ci/push: The Travis CI build passed
coverage/coveralls: Coverage remained the same at 88.53%

v4.1.2 automation moved this from Inbox to Shipped Jun 1, 2018

@Johann-S Johann-S deleted the v4-dev-jo-xss branch Jun 1, 2018

@mdo mdo referenced this pull request Jun 1, 2018

Closed

v4.1.2 ship list #26423

@denis-yuen denis-yuen referenced this pull request Nov 15, 2018

Open

Remove Bootstrap 3 #1899
