Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Fix html injection vulnerability

Download Browse

Part of epic #12142 Baseline v1 All fields content were displayed as html in baseline view. So, one user can save content with some JS script which may be executed by victim when showing baseline page. Change-Id: I3f967c34cf95b3766c2ea6d36964883f43a701fd

+142 −5
Jean-Baptiste Mille (jibidus) 2019-03-26 13:34
alban bertolini (alban) 2019-03-27 16:16
dc3f58565408bd48a81e98f1bc57d925849b46e9
cf18d3adc0f72e040e22c0278adc7e754e8b214e
git #tuleap/stable/dc3f58565408bd48a81e98f1bc57d925849b46e9

Modified Files

Side by side diff
Inline diff
Name
M scripts/baseline/components/baseline-page/BaselineArtifact.vue +1 −0 Go to diff View file
A scripts/baseline/components/baseline-page/Field.spec.js +55 −0 Go to diff View file
M scripts/baseline/components/baseline-page/Field.vue +13 −2 Go to diff View file
A scripts/baseline/components/comparison/content/FieldComparison.spec.js +62 −0 Go to diff View file
M scripts/baseline/components/comparison/content/FieldComparison.vue +5 −3 Go to diff View file
M scripts/package-lock.json +5 −0 Go to diff View file
M scripts/package.json +1 −0 Go to diff View file