Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Fix request #31586: XSS in the tooltip via an artifact title

Download Browse

Next step for the current story #26777 is to display the xref on top of the title so in order to prepare the field we use mustache to escape the title instead of DOMPurifier. Part of story #26777: have artifact tooltips on roadmap Change-Id: I534ead8a88361b364f5ee81556251dc3dc4c0bf6

+42 −11
Nicolas Terray (nterray) 2023-04-20 14:13
Nicolas Terray (nterray) 2023-04-20 18:16
fdc93a736cbccad05de16ff0cc7cc3ef18dc93df
20b9cf4b0575cfcad64daf092b93466b14b96da0
git #tuleap/stable/fdc93a736cbccad05de16ff0cc7cc3ef18dc93df

Modified Files

Side by side diff
Inline diff
Name
M plugins/tracker/include/Tracker/Artifact/Artifact.php +1 −0 Go to diff View file
M plugins/tracker/include/Tracker/Semantic/Tooltip/TooltipFetcher.php +10 −4 Go to diff View file
A plugins/tracker/templates/tooltip/artifact-tooltip-title.mustache +1 −0 Go to diff View file
M plugins/tracker/tests/unit/Tracker/Semantic/Tooltip/TooltipFetcherTest.php +30 −7 Go to diff View file