Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sanitize input used in error template #5498

Merged
merged 1 commit into from Apr 18, 2019
Merged

Sanitize input used in error template #5498

merged 1 commit into from Apr 18, 2019

Conversation

TatuLund
Copy link
Contributor

@TatuLund TatuLund commented Apr 16, 2019
edited by SomeoneToIgnore

As error template is html, and the input used in it is taken from the path, which can be anything, the input needs to be sanitized before added to the template to avoid possible XSS injection.

This change is Reviewable

@TatuLund
Sanitize input used in error template
cde1389 
As error template is html, and the input used in it is taken from the path, which can be anything, the input needs to be sanitized before added to the template to avoid possible XSS injection.
@CLAassistant
Copy link

CLAassistant commented Apr 16, 2019
edited

CLA assistant check
All committers have signed the CLA.

@CLAassistant
Copy link

CLA assistant check
Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@ujoni ujoni requested a review from caalador April 16, 2019 07:20
caalador
caalador requested changes Apr 16, 2019
View reviewed changes
Copy link
Contributor

@caalador caalador left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 1 unresolved discussion, 0 of 1 LGTMs obtained (waiting on @caalador and @TatuLund)

a discussion (no related file):
Could you add tests that check that we get the expected output for acceptable and faulty inputs

@caalador caalador requested a review from ujoni April 16, 2019 10:39
caalador
caalador approved these changes Apr 18, 2019
View reviewed changes
Copy link
Contributor

@caalador caalador left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

Reviewed 1 of 1 files at r1.
Reviewable status: :shipit: complete! all discussions resolved, 1 of 1 LGTMs obtained (waiting on @ujoni)

@caalador caalador merged commit f56eb43 into master Apr 18, 2019
@caalador caalador deleted the fix_xss branch April 18, 2019 11:02
caalador pushed a commit that referenced this pull request Apr 18, 2019
@TatuLund @caalador
Sanitize input used in error template (#5498)
71e14f2 
As error template is html, and the input used in it is taken from the path, which can be anything, the input needs to be sanitized before added to the template to avoid possible XSS injection.
caalador pushed a commit that referenced this pull request Apr 18, 2019
@TatuLund @caalador
Sanitize input used in error template (#5498)
1835420 
As error template is html, and the input used in it is taken from the path, which can be anything, the input needs to be sanitized before added to the template to avoid possible XSS injection.
caalador added a commit that referenced this pull request Apr 18, 2019
@caalador
Sanitize input used in error template (#5498) (#5517)
620dff9 
As error template is html, and the input used in it is taken from the path, which can be anything, the input needs to be sanitized before added to the template to avoid possible XSS injection.
caalador added a commit that referenced this pull request Apr 18, 2019
@caalador
Sanitize input used in error template (#5498) (#5518)
5645299 
As error template is html, and the input used in it is taken from the path, which can be anything, the input needs to be sanitized before added to the template to avoid possible XSS injection.
@ujoni ujoni added this to the 1.5.0.alpha4 milestone Apr 18, 2019
ujoni added a commit that referenced this pull request Apr 18, 2019
@ujoni
Test for xss attack (#5519)
1e95910 
Test for #5498
ujoni added a commit that referenced this pull request Apr 18, 2019
@ujoni
Test for xss attack (#5519)
1d36f05 
Test for #5498
ujoni added a commit that referenced this pull request Apr 18, 2019
@ujoni
Test for xss attack (#5519)
acc37c2 
Test for #5498
This was referenced Apr 18, 2019
Merged
Merged
ujoni added a commit that referenced this pull request Apr 18, 2019
@ujoni
Test for xss attack (#5519) (#5520)
f336679 
Test for #5498
ujoni added a commit that referenced this pull request Apr 18, 2019
@ujoni
Test for xss attack (#5519)
b7ee0ff 
Test for #5498
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@caalador caalador caalador approved these changes

@ujoni ujoni Awaiting requested review from ujoni

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.5.0.alpha4
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@TatuLund @CLAassistant @caalador @ujoni