author | Gusted <williamzijl7@hotmail.com> | 2021-11-17 18:08:25 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-17 18:08:25 +0000 |
commit | d8a8961b99adc1554c218fee474535d4f302bd11 (patch) | |
tree | 875b1ec50f0cef7dd4c624d52f40c092b4ba10ca /web_src/js/features/repo-editor.js | |
parent | 5233051e64e90238bb7b6ddf9ecd1513e57bf8e9 (diff) | |
Sanitize user-input on file name (#17666)
* Sanitize user-input on file name
- Sanitize user-input before it gets passed into the DOM.
- Prevent things like "<iframe onload=alert(1)></iframe>" from being
executed. This isn't an XSS attack as the server seems to be sanitizing
the path as well.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'web_src/js/features/repo-editor.js')
-rw-r--r-- | web_src/js/features/repo-editor.js | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/web_src/js/features/repo-editor.js b/web_src/js/features/repo-editor.js
index 7bf401207a..571fed9d27 100644
--- a/web_src/js/features/repo-editor.js
+++ b/web_src/js/features/repo-editor.js
@@ -1,3 +1,4 @@
+import {htmlEscape} from 'escape-goat';
 import {initMarkupContent} from '../markup/content.js';
 import {createCodeEditor} from './codeeditor.js';
@@ -109,7 +110,7 @@ export function initRepoEditor() {
 value = parts[i];
 if (i < parts.length - 1) {
 if (value.length) {
-$(`<span class="section"><a href="#">${value}</a></span>`).insertBefore($(this));
+$(`<span class="section"><a href="#">${htmlEscape(value)}</a></span>`).insertBefore($(this));
 $('<div class="divider"> / </div>').insertBefore($(this));
 }
 } else {
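Review bot: The added line in the second hunk still builds the breadcrumb section from an HTML string, so the fix holds only as long as every future interpolation into that template remembers to call htmlEscape; constructing the node and assigning the path segment as text removes that dependency, e.g. `$('<span class="section"></span>').append($('<a href="#"></a>').text(value)).insertBefore($(this));`. That yields the same markup without routing user-controlled text through jQuery's HTML parser, and the same pattern can be applied to any other `${...}` interpolated into a `$()` call in this function. The first hunk only adds the import and needs no change beyond that. The enclosing function initRepoEditor starts before the hunk and continues past it, so the loop header and the rest of the breadcrumb code are outside this view.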