From 4ec947715d9faafcc71bc3fc3a5022a7919dbabf Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Wed, 09 Sep 2015 03:12:11 -0400
Subject: [PATCH] Fix XSS issue in drag-n-drop file uploads (#1490530)

---
 CHANGELOG         |    1 +
 program/js/app.js |    3 ++-
 2 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 33b4713..89da3ca 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -12,6 +12,7 @@
 - Fix support for Mozilla-based browsers, e.g. Pale Moon (#1490517)
 - Fix various issues with Turkish (and similar) locales (#1490519)
 - Fix so In-Reply-To header is set also for MDN receipts (#1490523)
+- Fix XSS issue in drag-n-drop file uploads (#1490530)
 
 RELEASE 1.0.6
 -------------
diff --git a/program/js/app.js b/program/js/app.js
index 603d2f8..3d3eeea 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -7281,7 +7281,8 @@
     var submit_data = function() {
       var multiple = files.length > 1,
         ts = new Date().getTime(),
-        content = '<span>' + (multiple ? ref.get_label('uploadingmany') : files[0].name) + '</span>';
+        // jQuery way to escape filename (#1490530)
+        content = $('<span>').text(multiple ? ref.get_label('uploadingmany') : files[0].name).html();
 
       // add to attachments list
       if (!ref.add2attachment_list(ts, { name:'', html:content, classname:'uploading', complete:false }))
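Review bot: The `.text(...).html()` round-trip on the new line only escapes `<`, `>` and `&` (browser serialization of a text node), which is sufficient for element content but not for an attribute context; since `content` is handed to `add2attachment_list` as `html:`, that contract should be stated so nobody later drops it into a `title`/`alt` attribute without quote-escaping. I would extend the comment to `// escape filename as element content (<, >, & only); not attribute-safe (#1490530)`. Note that `ref.get_label('uploadingmany')` is now escaped as well, so a label containing an HTML entity or markup would render literally — presumably labels are plain text, but worth confirming. The body of `submit_data` continues past the end of this hunk.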

--
Gitblit v1.9.1