Florianschmidtwelzow has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/281991

Change subject: [SECURITY] Fix possible XSS attack
......................................................................

[SECURITY] Fix possible XSS attack

The request to the extracts API is made with plaintext to get an
unformatted output (without bold, italic and other text formatting).
However, the output isn't parsed or anything else; it is passed directly
to the output as plain HTML. This allows an attacker to insert scripts
and other HTML into the output, which is escaped on the page directly,
but not in the quicksearchlookup information box at the right side, which
is a security risk.

This change fixes the risk by not passing the content to an OOUI\HtmlSnippet
element anymore.

Bug: T130468
Change-Id: I430e137217c0f01b6807925e703ca71ce9989fe5
---
M includes/QuickSearchLookup.php
1 file changed, 1 insertion(+), 1 deletion(-)
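To make the mechanism behind the one-line fix concrete, here is an added example (not part of the change or of the QuickSearchLookup extension) that renders a constructed extract both ways, once wrapped in OOUI\HtmlSnippet as before the patch and once as a plain string as after it. It assumes the oojs-ui PHP library is installed and reachable through a Composer autoloader at vendor/autoload.php; the helper name renderLookupBox and the sample extract are this example's own.

```php
<?php
// Added example, not code from the Gerrit change. Assumes the oojs-ui PHP
// library (namespace OOUI) is autoloaded via Composer.
require_once __DIR__ . '/vendor/autoload.php';

// Constructed sample extract: markup that an editor could place in page text
// and that the extracts API would hand back unparsed.
$extract = 'Hello <b>world</b> & co.';

/**
 * Build the lookup box the same way QuickSearchLookup.php does.
 * $trustAsHtml = true reproduces the pre-patch code path (HtmlSnippet),
 * false reproduces the patched one (plain string, escaped by OOUI).
 */
function renderLookupBox( $text, $trustAsHtml ) {
	$layout = new OOUI\Layout();
	$layout
		->appendContent( $trustAsHtml ? new OOUI\HtmlSnippet( $text ) : $text )
		->addClasses( [ 'mw-search-quicklookup-text' ] );
	return (string)$layout;
}

$before = renderLookupBox( $extract, true );  // vulnerable form
$after = renderLookupBox( $extract, false );  // fixed form

echo "before: $before\n";
echo "after:  $after\n";

// HtmlSnippet passes the tag through to the browser untouched ...
$beforeLeaksMarkup = strpos( $before, '<b>world</b>' ) !== false;
// ... while a plain string is run through htmlspecialchars() by OOUI\Tag,
// so the browser shows the literal characters instead of interpreting them.
$afterIsEscaped = strpos( $after, '&lt;b&gt;world&lt;/b&gt; &amp; co.' ) !== false
	&& strpos( $after, '<b>' ) === false;

if ( !$beforeLeaksMarkup || !$afterIsEscaped ) {
	throw new RuntimeException( 'OOUI escaping did not behave as expected' );
}
echo "ok: plain string is escaped, HtmlSnippet is not\n";
```

The check at the end is the regression test a reviewer would want alongside the patch: it fails if anyone later re-wraps the extract in OOUI\HtmlSnippet.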


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/QuickSearchLookup refs/changes/91/281991/1

diff --git a/includes/QuickSearchLookup.php b/includes/QuickSearchLookup.php
index 060e161..6118aad 100644
--- a/includes/QuickSearchLookup.php
+++ b/includes/QuickSearchLookup.php
@@ -156,7 +156,7 @@
                                // the ButtonWidget
                                $layout = new OOUI\Layout();
                                $layout
-                                       ->appendContent( new OOUI\HtmlSnippet( 
$text ) )
+                                       ->appendContent( $text )
                                        ->addClasses( array(
                                                'mw-search-quicklookup-text',
                                                // this class adds space 
between the text and the read more button (which is positioned
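Review bot: the one-line change is correct only because OOUI's `appendContent()` escapes a plain string while `OOUI\HtmlSnippet` marks its argument as already-safe HTML; add a short comment beside `->appendContent( $text )` recording that the extract is untrusted text and must not be wrapped in `HtmlSnippet`, so a later refactor does not reintroduce the wrapper, and add a regression test that renders an extract containing a tag such as `<b>` and asserts the output contains the escaped form. The mailer has also wrapped two of the hunk lines (`new OOUI\HtmlSnippet( ` / `$text ) )` and the trailing comment line), so the patch cannot be applied from this message as pasted; use the `git pull` reference above instead.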

-- 
To view, visit https://gerrit.wikimedia.org/r/281991
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I430e137217c0f01b6807925e703ca71ce9989fe5
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/QuickSearchLookup
Gerrit-Branch: master
Gerrit-Owner: Florianschmidtwelzow <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
