From dd7db217979d6960f53b6544cf053d8c0db8c416 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Wed, 09 Sep 2015 03:09:59 -0400
Subject: [PATCH] Fix XSS issue in drag-n-drop file uploads (#1490530)

---
 CHANGELOG         |    1 +
 program/js/app.js |    3 ++-
 2 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 7eaa2ff..1810995 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -63,6 +63,7 @@
 - Fix various issues with Turkish (and similar) locales (#1490519)
 - Fix so In-Reply-To header is set also for MDN receipts (#1490523)
 - Fix missing HTTP_X_FORWARDED_FOR address in generated Received header
+- Fix XSS issue in drag-n-drop file uploads (#1490530)
 
 RELEASE 1.1.2
 -------------
diff --git a/program/js/app.js b/program/js/app.js
index d322d6b..4b9f5d6 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -7916,7 +7916,8 @@
     var submit_data = function() {
       var multiple = files.length > 1,
         ts = new Date().getTime(),
-        content = '<span>' + (multiple ? ref.get_label('uploadingmany') : files[0].name) + '</span>';
+        // jQuery way to escape filename (#1490530)
+        content = $('<span>').text(multiple ? ref.get_label('uploadingmany') : files[0].name).html();
 
       // add to attachments list
       if (!ref.add2attachment_list(ts, { name:'', html:content, classname:'uploading', complete:false }))
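Review bot: The `$('<span>').text(...).html()` round-trip on the added line entity-encodes `&`, `<` and `>` for element-content insertion, which matches the `html:content` use on the last hunk line, but it does not encode quotes, so `content` must not be reused inside an attribute value; the comment should record that constraint, e.g. `// escape filename for element content only, not attributes (#1490530)`. The round-trip also leaves the escaping implicit at the call site; a small named helper (for example an `escape_html(str)` returning `$('<span>').text(str).html()`) would make the intent visible wherever markup is built from `files[].name`. The body of `submit_data` continues past the hunk, so whether `content` is used in any other context there cannot be confirmed from this hunk.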

--
Gitblit v1.9.1