From d8a8961b99adc1554c218fee474535d4f302bd11 Mon Sep 17 00:00:00 2001 From: Gusted Date: Wed, 17 Nov 2021 18:08:25 +0000 Subject: [PATCH] Sanitize user-input on file name (#17666) * Sanitize user-input on file name - Sanitize user-input before it get passed into the DOM. - Prevent things like "" from being executed. This isn't a XSS attack as the server seems to be santizing the path as well. Co-authored-by: wxiaoguang --- web_src/js/features/repo-editor.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/web_src/js/features/repo-editor.js b/web_src/js/features/repo-editor.js index 7bf401207..571fed9d2 100644 --- a/web_src/js/features/repo-editor.js +++ b/web_src/js/features/repo-editor.js @@ -1,3 +1,4 @@ +import {htmlEscape} from 'escape-goat'; import {initMarkupContent} from '../markup/content.js'; import {createCodeEditor} from './codeeditor.js'; @@ -109,7 +110,7 @@ export function initRepoEditor() { value = parts[i]; if (i < parts.length - 1) { if (value.length) { - $(`${value}`).insertBefore($(this)); + $(`${htmlEscape(value)}`).insertBefore($(this)); $('
/
').insertBefore($(this)); } } else {