Yuvipanda has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/168278

Change subject: Fix XSS vulnerability
......................................................................

Fix XSS vulnerability

This is a hack for now and needs more considered thought later.

Change-Id: Ifa165b73df0a0d6ff6bc90def961d257ccb4c386
---
M quarry/web/static/js/query/view.js
1 file changed, 20 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/analytics/quarry/web 
refs/changes/78/168278/1

diff --git a/quarry/web/static/js/query/view.js 
b/quarry/web/static/js/query/view.js
index a2330d5..9680118 100644
--- a/quarry/web/static/js/query/view.js
+++ b/quarry/web/static/js/query/view.js
@@ -1,5 +1,14 @@
 $( function() {
-    var editor = CodeMirror.fromTextArea($("#code")[0], {
+    function htmlEscape(str) {
+        return String(str)
+                .replace(/&/g, '&')
+                .replace(/"/g, '"')
+                .replace(/'/g, ''')
+                .replace(/</g, '&lt;')
+                .replace(/>/g, '&gt;');
+    }
+
+    var editor = CodeMirror.fromTextArea( $("#code")[0], {
         mode: "text/x-mariadb",
         theme: "monokai",
         readOnly: !vars.can_edit,
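Review bot: As rendered here, the first three replacements in `htmlEscape` replace `&`, `"` and `'` with themselves, and the `'''` on the single-quote line is not valid JavaScript, so either the entity references were lost in transit or the helper does not escape those characters at all; the lines should read `.replace(/&/g, '&amp;')`, `.replace(/"/g, '&quot;')`, `.replace(/'/g, '&#39;')`, keeping the `&` replacement first so later entities are not double-escaped. This is worth confirming against the file itself before merge, since the lines that matter most for the fix are exactly the ones that look garbled. A one-line comment above the function, such as `// Escape a value for insertion into HTML text or attribute content`, would also make its intended context clear to later callers.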
@@ -91,7 +100,16 @@
         $.get( url ).done( function( data ) {
             var columns = [];
             $.each( data.headers, function( i, header ) {
-                columns.push( { 'title': header } );
+                columns.push( {
+                    'title': htmlEscape( header ),
+                    'render': function( data, type, row ) {
+                        if ( typeof data === 'string' ) {
+                            return htmlEscape( data );
+                        } else {
+                            return data;
+                        }
+                    }
+                } );
             } );
 
             var tableContainer = $( nunjucks.render( 'query-resultset.html', {
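Review bot: The `render` callback's `data` parameter shadows the `data` argument of the enclosing `.done( function( data )` handler, which begins above the hunk, so inside the callback the response object is no longer reachable and the two meanings are easy to confuse; renaming it and dropping the unused `row` gives `'render': function( cell, type ) {` with `return typeof cell === 'string' ? htmlEscape( cell ) : cell;`. DataTables passes a `type` argument to `render` that this callback ignores, so sorting and filtering also see entity-encoded text; that is the safe default, but it should be stated in a comment so nobody later narrows the escaping to `type === 'display'` without considering it. Non-string cell values are returned unchanged, which is fine for numbers and null, but if the result rows can ever hold arrays or objects their string form would reach the table unescaped — presumably the API only returns scalars; worth confirming.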

-- 
To view, visit https://gerrit.wikimedia.org/r/168278
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifa165b73df0a0d6ff6bc90def961d257ccb4c386
Gerrit-PatchSet: 1
Gerrit-Project: analytics/quarry/web
Gerrit-Branch: master
Gerrit-Owner: Yuvipanda <yuvipa...@gmail.com>
