source.dussan.org Git - jquery-ui.git/commit
Build: Fix an XSS in the test server HTML serving logic
author: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>, Mon, 28 Oct 2024 15:47:29 +0000 (16:47 +0100)
committer: GitHub <noreply@github.com>, Mon, 28 Oct 2024 15:47:29 +0000 (16:47 +0100)
commit: 85bed8ddd893390fd41bd7e93d2a44a1b5d9b885
tree: 025040a0e3d592dddfb9ca65208c6e65edea2eb7
parent: af8adca5481d0ac5db0865032b6c4c7e21421be7
Build: Fix an XSS in the test server HTML serving logic

The test server has a rule for `/tests/unit/*/*.html` paths that serves
a proper local file. However, the parameters after `/unit/` so far accepted
many characters that have special meaning, leading to possibly reading a file
from outside of the Git repository. Fix that by only accepting alphanumeric
characters, `-` or `_`.

This should resolve one CodeQL alert.

Closes gh-2309
tests/runner/createTestServer.js
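The parameter whitelist the commit message describes, as an added example that is not jQuery UI's own code: a stand-in for a `/tests/unit/*/*.html` route resolved naively, beside the same route with the alphanumeric/`-`/`_` check applied to each captured parameter. The route regex, the `/srv/jquery-ui` checkout location, the `joinPath` helper and the probe URLs are all constructed for this illustration; the real test server's router and its exact parameter handling are not reproduced here.

```javascript
// Added example, not jQuery UI's own code: how a `/tests/unit/*/*.html` route can be
// made to reject path parameters that escape the repository. The route shape,
// REPO_ROOT and the request paths at the bottom are constructed for illustration.

const REPO_ROOT = "/srv/jquery-ui"; // constructed checkout location
const UNIT_DIR = REPO_ROOT + "/tests/unit";

// Stand-in for a router rule `/tests/unit/*/*.html`: each `*` is one raw path segment.
const ROUTE = /^\/tests\/unit\/([^/]+)\/([^/]+)\.html$/;

// The whitelist from the commit message: alphanumerics, `-` or `_`.
const SAFE_SEGMENT = /^[A-Za-z0-9_-]+$/;

// Minimal stand-in for path.posix.join(): resolves `.` and `..`, drops empty parts.
// It is here so the example runs without imports; real code would use `path`.
function joinPath(...parts) {
  const out = [];
  for (const piece of parts.join("/").split("/")) {
    if (piece === "" || piece === ".") continue;
    if (piece === "..") { out.pop(); continue; }
    out.push(piece);
  }
  return "/" + out.join("/");
}

// Extract the two parameters. Percent-decoding after the match is what lets a
// single URL segment become `../..` or `a/b` once it is used as a file path.
function matchRoute(urlPath) {
  const m = ROUTE.exec(urlPath);
  if (!m) return null;
  return { suite: decodeURIComponent(m[1]), file: decodeURIComponent(m[2]) };
}

// "Before": parameters go straight into the path, so `..` walks out of the repo.
function resolveNaive(urlPath) {
  const p = matchRoute(urlPath);
  return p ? joinPath(UNIT_DIR, p.suite, p.file + ".html") : null;
}

// "After": each parameter must match the whitelist before it touches the path.
// The containment check is defence in depth; the whitelist is the actual fix.
function resolveSafe(urlPath) {
  const p = matchRoute(urlPath);
  if (!p) return null;
  if (!SAFE_SEGMENT.test(p.suite) || !SAFE_SEGMENT.test(p.file)) return null;
  const resolved = joinPath(UNIT_DIR, p.suite, p.file + ".html");
  return resolved.startsWith(UNIT_DIR + "/") ? resolved : null;
}

// True when a resolved path stays under the checkout.
function insideRepo(resolved) {
  return resolved !== null && resolved.startsWith(REPO_ROOT + "/");
}

// Constructed probes: one legitimate page, two traversal attempts hidden by encoding.
const PROBES = [
  "/tests/unit/draggable/draggable.html",
  "/tests/unit/..%2F..%2F..%2Fetc/passwd.html",
  "/tests/unit/%2e%2e/%2e%2e%2FREADME.html",
];
for (const url of PROBES) {
  console.log(url, "-> naive:", resolveNaive(url), "| safe:", resolveSafe(url));
}
```

The third probe is the one worth noticing: it resolves to `/srv/jquery-ui/README.html`, which is still inside the checkout, so a check that only confines results to the repository root would let it through, while the per-parameter whitelist rejects it before any path is built.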