Yuvipanda has uploaded a new change for review. https://gerrit.wikimedia.org/r/168278
Change subject: Fix XSS vulnerability ...................................................................... Fix XSS vulnerability Is a hack atm, would need more considered thought later Change-Id: Ifa165b73df0a0d6ff6bc90def961d257ccb4c386 --- M quarry/web/static/js/query/view.js 1 file changed, 20 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/analytics/quarry/web refs/changes/78/168278/1
diff --git a/quarry/web/static/js/query/view.js b/quarry/web/static/js/query/view.js
index a2330d5..9680118 100644
--- a/quarry/web/static/js/query/view.js
+++ b/quarry/web/static/js/query/view.js
@@ -1,5 +1,14 @@
 $( function() {
- var editor = CodeMirror.fromTextArea($("#code")[0], {
+ function htmlEscape(str) {
+ return String(str)
+ .replace(/&/g, '&')
+ .replace(/"/g, '"')
+ .replace(/'/g, ''')
+ .replace(/</g, '<')
+ .replace(/>/g, '>');
+ }
+
+ var editor = CodeMirror.fromTextArea( $("#code")[0], {
 mode: "text/x-mariadb",
 theme: "monokai",
 readOnly: !vars.can_edit,
@@ -91,7 +100,16 @@
 $.get( url ).done( function( data ) {
 var columns = [];
 $.each( data.headers, function( i, header ) {
- columns.push( { 'title': header } );
+ columns.push( {
+ 'title': htmlEscape( header ),
+ 'render': function( data, type, row ) {
+ if ( typeof data === 'string' ) {
+ return htmlEscape( data );
+ } else {
+ return data;
+ }
+ }
+ } );
 } );
 var tableContainer = $( nunjucks.render( 'query-resultset.html', {
-- 
To view, visit https://gerrit.wikimedia.org/r/168278 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ifa165b73df0a0d6ff6bc90def961d257ccb4c386 Gerrit-PatchSet: 1 Gerrit-Project: analytics/quarry/web Gerrit-Branch: master Gerrit-Owner: Yuvipanda <yuvipa...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
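Review bot: As rendered here, every replacement string in the new htmlEscape is an identity mapping (`.replace(/&/g, '&')`) and the apostrophe line `''''` is not even valid JavaScript, so either the function escapes nothing or, more likely, the entity literals were decoded by the mailing-list rendering; the committed code must use the HTML entity in each replacement (`&amp;`, `&quot;`, `&#39;`, `&lt;`, `&gt;`), e.g. `.replace(/&/g, '&amp;')`, with the ampersand replaced first as it already is. Whoever verifies this change should check the file in the repository rather than this rendering. Since this helper is now the only barrier between query output and the HTML the table builds, a one-line JSDoc such as `/** Escape a value for safe insertion as HTML text or attribute content. */` would make its contract explicit. The enclosing `$( function() {` callback continues past the end of this hunk.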
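Review bot: The new `render` callback's `data` parameter shadows the response `data` of the enclosing `.done( function( data )` callback and its `row` parameter is unused; `'render': function( cell, type ) {` with `cell` used in the body keeps the two apart for anyone later reading `data.headers` inside the renderer. The escaping also runs for every DataTables render `type` (`'display'`, `'filter'`, `'sort'`, `'type'`), so sorting and searching presumably operate on entity-encoded text, which changes ordering of values containing `&` or `<` and makes a search for `a&b` miss such a cell; `if ( type === 'display' && typeof data === 'string' )` keeps the escaped output exactly where it is inserted as HTML while leaving sort and filter on the raw value. The `.done` callback enclosing this hunk ends outside it.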