Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XSS Bugfix #3097 - Sanitize SectionPresenter #3117

Merged
merged 5 commits into from
Mar 5, 2016
Merged

XSS Bugfix #3097 - Sanitize SectionPresenter #3117

merged 5 commits into from
Mar 5, 2016

Conversation

bricesanchez
Copy link
Member

It's ready to be reviewed and merged.

It fix #3097

@bricesanchez bricesanchez self-assigned this Feb 22, 2016
@bricesanchez bricesanchez added this to the 3.0.3 milestone Feb 22, 2016
@bricesanchez bricesanchez modified the milestones: 3.0.2, 3.0.3 Mar 1, 2016
@bricesanchez bricesanchez assigned parndt and unassigned bricesanchez Mar 4, 2016
parndt
parndt reviewed Mar 4, 2016
View reviewed changes
pages/app/presenters/refinery/pages/title_section_presenter.rb
@@ -7,6 +7,7 @@ class TitleSectionPresenter < SectionPresenter
private

def wrap_content_in_tag(content)
content = sanitize(content)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can inline this.

content_tag(:h1, sanitize(content), :id => id)

@parndt
Copy link
Member

parndt commented Mar 4, 2016

Looking good!

@bricesanchez
Copy link
Member Author

Done :)

parndt added a commit that referenced this pull request Mar 5, 2016
@parndt
Merge pull request #3117 from refinery/bugfix/3097
9f4c336 
Bugfix #3097
@parndt parndt merged commit 9f4c336 into master Mar 5, 2016
@parndt parndt deleted the bugfix/3097 branch March 5, 2016 01:28
@ghoppe ghoppe mentioned this pull request Mar 9, 2016
Merged
@bricesanchez bricesanchez changed the title Bugfix #3097 XSS Bugfix #3097 Mar 24, 2016
@bricesanchez bricesanchez mentioned this pull request Mar 24, 2016
Merged
stefanspicer added a commit to stefanspicer/refinerycms that referenced this pull request Mar 28, 2016
@stefanspicer
Use tag helper for refinery meta
b197c3d 
This change was lost in a rebase (this html changed files)
It is from:
 - commit: 5645295
 - PR: refinery#3117
 - Bugfix: refinery#3097
@bricesanchez bricesanchez changed the title XSS Bugfix #3097 XSS Bugfix #3097 - Sanitize markup May 19, 2016
@bricesanchez bricesanchez changed the title XSS Bugfix #3097 - Sanitize markup XSS Bugfix #3097 - Sanitize SectionPresenter May 19, 2016
@parndt parndt mentioned this pull request Oct 29, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@parndt parndt

Labels
3-0-stable
Projects
None yet
Milestone
3.0.2
Development

Successfully merging this pull request may close these issues.

multiple XSS found in refinery CMS
2 participants
@bricesanchez @parndt