Save Forge Now: Fix XSS in request list
ClosedPublic
Actions

Authored by vlorentz on Mar 29 2022, 2:00 PM.

Details

Reviewers

anlambert
ardumont

Group Reviewers

Reviewers

Commits

rDWAPPS853e39f633db: Save Forge Now: Fix XSS in request list

Summary

Origin URLs were printed unsanitized

Same issue as in D7365#191764

Diff Detail

Repository

rDWAPPS Web applications

Branch

master

Lint

No Linters Available

Unit

No Unit Test Coverage

Build Status

Buildable 27900
Build 43685: Phabricator diff pipeline on jenkins	Jenkins console · Jenkins
Build 43684: arc lint + arc unit

Event Timeline

vlorentz created this revision.Mar 29 2022, 2:00 PM

Herald added a reviewer: Reviewers. · View Herald TranscriptMar 29 2022, 2:00 PM

Build is green

Patch application report for D7454 (id=26984)

Rebasing onto f7281122f2...

Current branch diff-target is up to date.

Changes applied before test

commit 853e39f633dbecb75ca043411204066e35e27e5a
Author: Valentin Lorentz <vlorentz@softwareheritage.org>
Date:   Tue Mar 29 13:58:47 2022 +0200

    Save Forge Now: Fix XSS in request list
    
    Origin URLs were printed unsanitized

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/1621/ for more details.

Harbormaster completed remote builds in B27900: Diff 26984.Mar 29 2022, 2:18 PM

vlorentz requested review of this revision.Mar 29 2022, 2:18 PM

anlambert accepted this revision.Mar 29 2022, 2:27 PM

This revision is now accepted and ready to land.Mar 29 2022, 2:27 PM

ardumont accepted this revision.Mar 29 2022, 2:28 PM

Closed by commit rDWAPPS853e39f633db: Save Forge Now: Fix XSS in request list (authored by vlorentz). · Explain WhyMar 29 2022, 2:35 PM

This revision was automatically updated to reflect the committed changes.

vlorentz added a commit: rDWAPPS853e39f633db: Save Forge Now: Fix XSS in request list.

vlorentz mentioned this in T4231: Split archive browsing and administration/moderation.May 11 2022, 11:19 AM

Revision Contents
Changeset List

Path

Size

Coverage (All)

Coverage (Touched)

assets/

src/

bundles/

add_forge/

create-request.js

6 lines

95%

Diff 26984

View Options

assets/src/bundles/add_forge/create-request.js

Save Forge Now: Fix XSS in request listClosedPublicActions