[Buildbot-commits] [SPAM] [Buildbot] #773: Commit message not escaped in waterfall
Buildbot
buildbot-devel at lists.sourceforge.net
Sun Apr 4 21:16:27 UTC 2010
#773: Commit message not escaped in waterfall
--------------------+-------------------------------------------------------
Reporter: Nicolas | Owner:
Type: defect | Status: new
Priority: major | Milestone: 0.8.0
Version: master | Keywords: jinja xss patch
--------------------+-------------------------------------------------------
After commit [http://websvn.kde.org/?view=revision&revision=1111002 1111002]
to kdevplatform, my waterfall table got pretty messed up (cells
appearing in wrong columns) and the username in the change cell had a
piece of the commit message.
The problem is that commit message contained an XML tag, and
`change_macros.html` isn't HTML-escaping it.
Security-wise, this is an XSS bug, of low impact because it's only
exploitable by people who can commit to the project repository (or
otherwise get a `ChangeSource` to emit a `Change`).
{{{
#!diff
diff --git a/buildbot/status/web/templates/change_macros.html
b/buildbot/status/web/templates/change_macros.html
index 70dd76d..3ff361a 100644
--- a/buildbot/status/web/templates/change_macros.html
+++ b/buildbot/status/web/templates/change_macros.html
@@ -68,5 +68,5 @@
{%- endmacro %}
{% macro box_contents(who, url, title) -%}
-<a href="{{ url }}" title="{{ title }}">{{ who|user }}</a>
+<a href="{{ url }}" title="{{ title|e }}">{{ who|user }}</a>
{%- endmacro %}
}}}
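Review bot: the hunk escapes only `title`; on the same line `{{ url }}` is still interpolated raw into the `href` attribute, so a change whose URL carries a quote or angle bracket (anything a `ChangeSource` is allowed to emit) can still break out of the attribute; suggest `href="{{ url|e }}"` as well. The context (`{%- endmacro %}` just before `box_contents`) shows this macro is one of several in the file, and per-variable `|e` filters are easy to miss; enabling Jinja autoescaping for the environment that renders these templates would cover every interpolated value by default instead of relying on each macro remembering the filter. The ticket text also notes that the username cell showed part of the commit message, and whether `{{ who|user }}` is safe depends on what the `user` filter returns, which the patch does not show; worth confirming that filter escapes its output too.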
--
Ticket URL: <http://buildbot.net/trac/ticket/773>
Buildbot <http://buildbot.net/>
Buildbot: build/test automation
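To make the attribute-context problem concrete, here is an added Python example (not code from the ticket or from Buildbot) that models the `box_contents` macro before and after the patch. It substitutes the standard library's `html.escape` for Jinja's `|e` filter (both escape `& < > " '`), uses a constructed commit message and a placeholder URL rather than the real kdevplatform commit, and goes one step beyond the patch by escaping `url` as well; `who` is left unescaped exactly as the macro leaves it, since the `user` filter is not on the page.

```python
import html
import re

# Constructed sample inputs (the real commit message is not on the page).
SAMPLE_WHO = "nicolas"
SAMPLE_URL = "http://example.invalid/rev/1"          # placeholder URL
SAMPLE_TITLE = 'Fix <widget> parsing in "bar" loader'  # markup + a quote


def render_unescaped(who, url, title):
    """Model of the macro before the patch: title goes raw into title="...".
    A '"' in the commit message closes the attribute early and a '<' starts
    a new element, which is how the waterfall cells ended up shifted."""
    return f'<a href="{url}" title="{title}">{who}</a>'


def render_escaped(who, url, title):
    """Model of the patched macro (title|e), plus url|e for the href.
    html.escape(quote=True) stands in for Jinja's escape filter here."""
    return (f'<a href="{html.escape(url, quote=True)}" '
            f'title="{html.escape(title, quote=True)}">{who}</a>')


# One well-formed anchor: attribute values and link text must contain no raw
# quote or angle bracket, so nothing can terminate them early.
ANCHOR_RE = re.compile(r'^<a href="([^"<>]*)" title="([^"<>]*)">([^<>]*)</a>$')


def well_formed_anchor(markup):
    """Defensive check: True only if the rendered cell is a single intact <a>."""
    return ANCHOR_RE.match(markup) is not None


def title_attribute(markup):
    """Recover the title attribute as the browser would display it; None if the
    markup is not a single intact anchor."""
    m = ANCHOR_RE.match(markup)
    return html.unescape(m.group(2)) if m else None


if __name__ == "__main__":
    before = render_unescaped(SAMPLE_WHO, SAMPLE_URL, SAMPLE_TITLE)
    after = render_escaped(SAMPLE_WHO, SAMPLE_URL, SAMPLE_TITLE)
    print("before:", before, "->", "intact" if well_formed_anchor(before) else "BROKEN")
    print("after: ", after, "->", "intact" if well_formed_anchor(after) else "BROKEN")
    print("title shown to the user:", title_attribute(after))
```

Running it prints the unescaped rendering as BROKEN (the `<` in the message starts a new tag inside the attribute) and the escaped one as intact, with the title round-tripping to the original commit message once the entities are decoded.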