Nemcio/Gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-31 19:06:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Prevent possible XSS when using jQuery (#18289)

Browse Source 
In the case of misuse or misunderstanding from a developer whereby,
if `sel` can receive user-controlled data, jQuery `$(sel)` can lead to the
creation of a new element. Current usage is using hard-coded selectors
in the templates, but nobody prevents that from expanding to
user-controlled somehow.
This commit is contained in:
Gusted
2022-01-16 05:14:32 +00:00
committed by GitHub
parent 4b4884ce88
commit 661d3d28e9
10 changed files with 39 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
web_src/js/features/repo-settings.js
View File

@@ -52,14 +52,14 @@ export function initRepoSettingBranches() {
initRepoCommonFilterSearchDropdown('.protected-branches .dropdown');
$('.enable-protection, .enable-whitelist, .enable-statuscheck').on('change', function () {
if (this.checked) {
$($(this).data('target')).removeClass('disabled');
$.find($(this).data('target')).removeClass('disabled');
} else {
$($(this).data('target')).addClass('disabled');
$.find($(this).data('target')).addClass('disabled');
}
});
$('.disable-whitelist').on('change', function () {
if (this.checked) {
$($(this).data('target')).addClass('disabled');
$.find($(this).data('target')).addClass('disabled');
}
});
}