fix: cross-site scripting vulnerability on logout page #30544

Merged
waheedahmed merged 1 commit into open-release/nutmeg.master from waheed/backport-van-972-logout-xss-fix
Jun 6, 2022

@waheedahmed
Contributor

Description

The target URL on the logout page is marked as safe while rendering, making the page vulnerable to cross-site scripting.

Rendered the target variable outside safe HTML so that it should be treated as text.

VAN-972

Private repo PR: https://github.com/edx/edx-platform-private/pull/250

The target URL on the logout page is marked as safe while rendering,
making the page vulnerable to cross-site scripting.

Rendered the target variable outside safe HTML so that it should be
treated as text.

VAN-972
@waheedahmed
Contributor Author

Hi @nedbat, this is a backport PR for a security fix against nutmeg.master, kindly take a look.

@waheedahmed waheedahmed merged commit f69b576 into open-release/nutmeg.master Jun 6, 2022
@waheedahmed waheedahmed deleted the waheed/backport-van-972-logout-xss-fix branch June 6, 2022 20:38
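
The bug class described in this PR, as an added example that is not code from edx-platform: a stdlib-only Python model that contrasts marking a string safe after interpolating the target with rendering the target as escaped text, then parses the output to list any elements the template did not write. `Safe`, `render`, the message text and the sample targets are all constructed assumptions.

```python
from html import escape
from html.parser import HTMLParser


class Safe(str):
    """Marker type: render() emits it verbatim, like a template 'safe' string."""


def render(value):
    """Auto-escaping output step: Safe passes through, anything else is escaped."""
    return value if isinstance(value, Safe) else escape(str(value), quote=True)


def message_vulnerable(target):
    # Bug pattern: the untrusted target is interpolated first, then the
    # whole string is marked safe, so the target is never escaped.
    return render(Safe("<p>Redirecting you to <b>%s</b>.</p>" % target))


def message_fixed(target):
    # Fix pattern: only static markup is marked safe; the target is rendered
    # outside it and goes through escaping as plain text.
    return (render(Safe("<p>Redirecting you to <b>")) + render(target)
            + render(Safe("</b>.</p>")))


class TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(markup, allowed=("p", "b")):
    """Regression check: elements in the output that the template did not write."""
    parser = TagCollector()
    parser.feed(markup)
    parser.close()
    return [t for t in parser.tags if t not in allowed]


# Constructed sample targets (hypothetical values, not taken from the PR).
SAMPLES = [
    "https://example.com/dashboard",
    "https://example.com/?next=<script>alert(1)</script>",
    '"><img src=x onerror=alert(1)>',
]
```

A check like `injected_tags` fits a template regression test: any non-empty result for a rendered page means an input reached the output unescaped.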