Skip to content

Escape branch name in dropdown menu #3691

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 19, 2018
Merged

Escape branch name in dropdown menu #3691

merged 1 commit into from
Mar 19, 2018

Conversation

@jonasfranz
Copy link
Member

@jonasfranz jonasfranz commented Mar 19, 2018
edited
Loading

Fix XSS part of #3681 by removing safe from BranchName in the dropdown menu.

Requires backport to 1.4.

@jonasfranz
Escape branch name in dropdown menu
61ce616 
Signed-off-by: Jonas Franz <info@jonasfranz.software>
@jonasfranz jonasfranz mentioned this pull request Mar 19, 2018
Merged
@codecov-io
Copy link

codecov-io commented Mar 19, 2018

Codecov Report

Merging #3691 into master will decrease coverage by 0.01%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #3691      +/-   ##
==========================================
- Coverage    35.8%   35.79%   -0.02%     
==========================================
  Files         287      287              
  Lines       41489    41489              
==========================================
- Hits        14857    14852       -5     
- Misses      24445    24450       +5     
  Partials     2187     2187
Impacted Files Coverage Δ
modules/process/manager.go 76.81% <0%> (-4.35%) ⬇️
models/repo_list.go 56.37% <0%> (-1.35%) ⬇️
models/repo_indexer.go 48.3% <0%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c28bf94...61ce616. Read the comment docs.

@tboerger tboerger added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Mar 19, 2018
@tboerger tboerger added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Mar 19, 2018
@lafriks
Copy link
Member

lafriks commented Mar 19, 2018

It would been better to use escape just for branch name

@tboerger tboerger added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Mar 19, 2018
@lunny lunny added the type/bug label Mar 19, 2018
@lunny lunny modified the milestones: 1.4.0, 1.5.0 Mar 19, 2018
@lunny lunny added backport/done All backports for this PR have been created backport/v1.4 labels Mar 19, 2018
@lunny lunny merged commit 59e70c5 into go-gitea:master Mar 19, 2018
@jonasfranz jonasfranz deleted the escape-branch-name branch March 19, 2018 17:56
@sapk sapk mentioned this pull request Mar 20, 2018
Closed
7 tasks
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@appleboy appleboy appleboy approved these changes

@Bwko Bwko Bwko approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug

Projects

None yet

Milestone

1.5.0

Development

Successfully merging this pull request may close these issues.

7 participants

@jonasfranz @codecov-io @lafriks @appleboy @Bwko @lunny @tboerger