Jsahleen has uploaded a new change for review.
https://gerrit.wikimedia.org/r/183746
Change subject: Security: Prevent XSS
......................................................................
Security: Prevent XSS
* Decodes JSON and replaces the HTML-significant characters <, > and " with entities
Bug: T85686
Change-Id: I83f4b359ba9a3f01b8818e0cbc1b989cebaa5565
---
M modules/tools/ext.cx.tools.mt.js
1 file changed, 9 insertions(+), 3 deletions(-)
git pull
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/ContentTranslation
refs/changes/46/183746/1
diff --git a/modules/tools/ext.cx.tools.mt.js b/modules/tools/ext.cx.tools.mt.js
index 526c75f..31c7167 100644
--- a/modules/tools/ext.cx.tools.mt.js
+++ b/modules/tools/ext.cx.tools.mt.js
@@ -85,7 +85,7 @@
$( '<div>' ).addClass( 'bounce1' ),
$( '<div>' ).addClass( 'bounce2' ),
$( '<div>' ).addClass( 'bounce3' )
- );
+ );
}
/**
@@ -172,8 +172,14 @@
markMTLoading( $section );
translateSection( $sourceSection, prefetch )
.done( function ( translation ) {
+ var html;
if ( translation ) {
- $section.replaceWith( $( translation )
+ // Prevent XSS
+ html = translation.contents
+ .replace( /</g, '<' )
+ .replace( />/g, '>' )
+ .replace( /"/g, '"' );
+ $section.replaceWith( $( html )
.children()
.attr( {
id: 'cx' + sourceId,
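Review bot: The three `.replace()` calls on `translation.contents` as shown replace each character with itself (`/</g` with `'<'`, `/>/g` with `'>'`, `/"/g` with `'"'`), so they are no-ops; if the intended replacements are the entities `&lt;`, `&gt;` and `&quot;` (presumably lost to entity decoding in transit), the escaped string is then still handed to `$( html )`, which parses strings starting with `<` as HTML and otherwise treats them as selectors, so an escaped fragment would likely throw or yield nothing for `.children()` to replace `$section` with. Blanket escaping and then parsing as HTML contradict each other: if the translation service returns HTML, the defence should be a sanitizer that drops script elements and event-handler/`javascript:` attributes before `$()`; if it returns plain text, it should be inserted with `.text()` and never parsed by `$()`. The new code also reads `translation.contents` where the removed line used `translation` directly — confirm the response shape actually has a `contents` field. The enclosing `.done` callback and its function continue outside the hunk.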
@@ -242,7 +248,7 @@
this.actions.$restore,
this.actions.$source,
this.actions.$clear
- );
+ );
$bottom = $( '<div>' )
.addClass( 'card__bottom' );
--
Gerrit-MessageType: newchange
Gerrit-Change-Id: I83f4b359ba9a3f01b8818e0cbc1b989cebaa5565
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/ContentTranslation
Gerrit-Branch: master
Gerrit-Owner: Jsahleen <[email protected]>