Luis Felipe Schenone has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/290232

Change subject: Fix XSS vulnerability
......................................................................

Fix XSS vulnerability

Change-Id: I32b022e8aa7412ff9f36dd7fc874830ef16635ed
---
M js/MsCalendar.js
1 file changed, 8 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MsCalendar 
refs/changes/32/290232/1

diff --git a/js/MsCalendar.js b/js/MsCalendar.js
index 5bb2fd7..f64d344 100644
--- a/js/MsCalendar.js
+++ b/js/MsCalendar.js
@@ -160,19 +160,22 @@
                        if ( this_dialog.find( 'input[name="remove_event"]' 
).is( ':checked' ) ) {
                                rs_var = 'MsCalendar::remove';
                        }
-                       var inhalt = this_dialog.find( 
'input[name="form_inhalt"]' ),
-                               datum = this_dialog.find( 
'input[name="form_datum"]' ),
-                               event_id = this_dialog.find( 
'input[name="form_id"]' ),
-                               duration = this_dialog.find( 
'input[name="form_duration"]' ),
+                       var inhalt = this_dialog.find( 
'input[name="form_inhalt"]' ).val(),
+                               datum = this_dialog.find( 
'input[name="form_datum"]' ).val(),
+                               event_id = this_dialog.find( 
'input[name="form_id"]' ).val(),
+                               duration = this_dialog.find( 
'input[name="form_duration"]' ).val(),
                                yearly = this_dialog.find( 
'input[name="form_yearly"]' ).is( ':checked' ) ? 1 : 0,
                                bValid = true;
+
+                       // Sanitize
+                       inhalt = $( '<div>' ).html( inhalt ).text();
 
                        if ( bValid ) {
                                //console.log( datum.val() );
                                $.get( mw.util.wikiScript(), {
                                        action: 'ajax',
                                        rs: rs_var,
-                                       rsargs: [ calendarId, datum.val(), 
inhalt.val(), event_id.val(), duration.val(), yearly ]
+                                       rsargs: [ calendarId, datum, inhalt, 
event_id, duration, yearly ]
                                }, function ( data ) {
                                        loadMonth();
                                }, 'json' );
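Review bot: The "Sanitize" step added on the new side, `inhalt = $( '<div>' ).html( inhalt ).text();`, runs only in the browser, so it does not close the XSS by itself — anyone can send the same `action=ajax&rs=MsCalendar::...` request directly with unescaped `rsargs`, and the stored value is still rendered by whatever path `loadMonth()` uses. The escaping has to happen on output: presumably in the PHP handler with `htmlspecialchars()`, or in the rendering code by inserting event text via `.text()` instead of `.html()`; the client-side strip can stay as a convenience but must not be relied on. Note also that `$( '<div>' ).html( untrusted )` parses the markup and jQuery will run inline `<script>` and `onerror` handlers in it — only the submitting user's own input here, but it is not a safe sanitizer, and it silently drops legitimate text such as `a < b`. If the intent is to strip tags rather than escape, say so in the comment, e.g. `// Strip HTML tags client-side; the server must still escape on output`, and drop the now-stale `//console.log( datum.val() );` since `datum` is a plain string after this change. The enclosing submit handler starts and ends outside this hunk.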

-- 
To view, visit https://gerrit.wikimedia.org/r/290232
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I32b022e8aa7412ff9f36dd7fc874830ef16635ed
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/MsCalendar
Gerrit-Branch: master
Gerrit-Owner: Luis Felipe Schenone <[email protected]>

