• Reject slug+uri concat if slug is deemed unsafe · aef4b0a5
    Kerri Miller authored
    First reported:
      https://gitlab.com/gitlab-org/gitlab-ce/issues/60143
    
    When the page slug is "javascript:" and we attempt to link to a relative
    path (using `.` or `..`) the code will concatenate the slug and the uri.
    This MR adds a guard to that concat step that will return `nil` if the
    incoming slug matches against any of the "unsafe" slug regexes;
    currently this is only for the slug "javascript:" but can be extended if
    needed. Manually tested against a non-exhaustive list from OWASP of
    common javascript XSS exploits that have to do with mangling the
    "javascript:" method, and all are caught by this change or by existing
    code that ingests the user-specified slug.
Name
.github
.gitlab
app
bin
builds
changelogs
config
danger
db
doc
docker
fixtures/emojis
generator_templates
lib
locale
log
plugins/examples
public
qa
rubocop
scripts
shared
spec
symbol
tmp
vendor
.codeclimate.yml
.csscomb.json
.eslintignore
.eslintrc.yml
.foreman
.gitattributes
.gitignore
.gitlab-ci.yml
.haml-lint.yml
.mailmap
.nvmrc
.pkgr.yml
.prettierignore
.prettierrc
.rubocop.yml
.rubocop_todo.yml
.ruby-version
.scss-lint.yml
.stylelintrc
CHANGELOG.md
CONTRIBUTING.md
Dangerfile
Dockerfile.assets
GITALY_SERVER_VERSION
GITLAB_PAGES_VERSION
GITLAB_SHELL_VERSION
GITLAB_WORKHORSE_VERSION
Gemfile
Gemfile.lock
INSTALLATION_TYPE
LICENSE
MAINTENANCE.md
PHILOSOPHY.md
PROCESS.md
Pipfile
Pipfile.lock
Procfile
README.md
Rakefile
VERSION
babel.config.js
config.ru
docker-compose.yml
jest.config.js
package.json
yarn.lock