Merge lp:~mhall119/summit/xss-vulnerability-fix into lp:~summit-hackers/summit/1.x
Proposed by Michael Hall
Status | Merged |
---|---|
Approved by | Nigel Babu |
Approved revision | 144 |
Merged at revision | 144 |
Proposed branch | lp:~mhall119/summit/xss-vulnerability-fix |
Merge into | lp:~summit-hackers/summit/1.x |
Diff against target | 193 lines (+166/-2), 2 files modified: summit/sponsor/templates/sponsor/review.html (+1/-1), summit/sponsor/tests.py (+165/-1) |
To merge this branch | bzr merge lp:~mhall119/summit/xss-vulnerability-fix |
Related bugs | |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Nigel Babu (community) | Approve | ||
Review via email: mp+73091@code.launchpad.net |
Description of the change
Overview
========
Sponsorship application data was being displayed unescaped, allowing JavaScript injection into the pages.
Details
=======
Django will escape data being inserted into a template by default, but due to a combination of template filters the sponsorship.about field was having its unescaped data inserted, which allowed someone to submit a sponsorship application containing embedded JavaScript that would be executed by any user viewing their application. This MP contains tests specifically for this behavior, and changes the order of filters being applied so that the final result will still be properly escaped.
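The filter-ordering bug described above, as an added example that is not code from this merge proposal or from the summit project. The MP does not show which filters were chained, so the `safe` and `linebreaks` pair, the sample `about` text, and the function names are assumptions; the snippet models Django's autoescape rules (a safe-marked string is never escaped again, `linebreaks` escapes untrusted input before wrapping it in `<p>`/`<br>`) in plain Python so it runs without Django installed.

```python
import html
import re


class SafeString(str):
    """Marker for 'trusted markup, do not escape again' (same idea as Django's SafeString)."""


def conditional_escape(value):
    """Escape unless the value is already marked safe (models Django's conditional_escape)."""
    if isinstance(value, SafeString):
        return value
    return SafeString(html.escape(str(value), quote=True))


def safe_filter(value):
    """Models the Django 'safe' filter: trust the value as-is and skip autoescaping."""
    return SafeString(str(value))


def linebreaks_filter(value):
    """Models Django's 'linebreaks' filter with autoescape on: escape untrusted input,
    then turn blank lines into <p> and single newlines into <br>, returning trusted markup."""
    text = conditional_escape(value)
    paragraphs = re.split(r"\n{2,}", text.strip())
    return SafeString("".join("<p>%s</p>" % p.replace("\n", "<br>") for p in paragraphs))


def render(value, filters):
    """Apply filters left to right as a template filter chain would, then autoescape the result."""
    for f in filters:
        value = f(value)
    return str(conditional_escape(value))


# Constructed sample input (hypothetical): an 'about' field carrying a script payload.
HOSTILE_ABOUT = "Hi there\n\n<script>alert('xss')</script>"


def vulnerable_render(value=HOSTILE_ABOUT):
    """Assumed vulnerable order: 'safe' first marks the raw text trusted, so
    'linebreaks' never escapes it and the <script> reaches the page intact."""
    return render(value, [safe_filter, linebreaks_filter])


def fixed_render(value=HOSTILE_ABOUT):
    """Assumed fixed order: 'linebreaks' escapes the untrusted text first; the later
    'safe' only keeps the <p>/<br> markup that the filter itself generated."""
    return render(value, [linebreaks_filter, safe_filter])


def contains_script(rendered):
    """The regression check a test suite would assert on: does a raw <script> tag survive?"""
    return "<script>" in rendered
```

Both orders produce the same `<p>`/`<br>` markup for benign input, which is why the bug is easy to miss; only a test that posts a payload and asserts on the rendered HTML catches it.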
Ack. Good catch. I'm tempted to Rick Roll someone before we merge it in though :P