Commits

Anonymous committed 326922f Merge

Merge branch 'jk/maint-gitweb-xss' into maint

Fixes an XSS vulnerability in gitweb.

* jk/maint-gitweb-xss:
gitweb: escape html in rss title

Comments (0)

Files changed (2)

gitweb/gitweb.perl

 		$feed_type = 'history';
 	}
 	$title .= " $feed_type";
+	$title = esc_html($title);
 	my $descr = git_get_project_description($project);
 	if (defined $descr) {
 		$descr = esc_html($descr);

t/t9502-gitweb-standalone-parse-output.sh

 	test_cmp expected actual
 '
 
+xss() {
+	echo >&2 "Checking $1..." &&
+	gitweb_run "$1" &&
+	if grep "$TAG" gitweb.body; then
+		echo >&2 "xss: $TAG should have been quoted in output"
+		return 1
+	fi
+	return 0
+}
+
+test_expect_success 'xss checks' '
+	TAG="<magic-xss-tag>" &&
+	xss "a=rss&p=$TAG" &&
+	xss "a=rss&p=foo.git&f=$TAG"
+'
 
 test_done