source.dussan.org Git - gitea.git/commit

]> source.dussan.org Git - gitea.git/commit

author	Gusted <williamzijl7@hotmail.com>
	Wed, 17 Nov 2021 18:08:25 +0000 (18:08 +0000)
committer	GitHub <noreply@github.com>
	Wed, 17 Nov 2021 18:08:25 +0000 (18:08 +0000)
commit	d8a8961b99adc1554c218fee474535d4f302bd11
tree	875b1ec50f0cef7dd4c624d52f40c092b4ba10ca	tree \| snapshot
parent	5233051e64e90238bb7b6ddf9ecd1513e57bf8e9	commit \| diff

Sanitize user-input on file name (#17666)

* Sanitize user-input on file name

- Sanitize user-input before it get passed into the DOM.
- Prevent things like "<iframe onload=alert(1)></iframe>" from being
executed. This isn't a XSS attack as the server seems to be santizing
the path as well.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

web_src/js/features/repo-editor.js

diff | blob | history

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

RSS Atom