From 6731d2116c1edbbec04af4874e46aa033c1828f5 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Wed, 09 Sep 2015 03:10:49 -0400
Subject: [PATCH] Fix XSS issue in drag-n-drop file uploads (#1490530)

---
 CHANGELOG | 1 +
 program/js/app.js | 3 ++-
 2 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index b05d121..b7752c2 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -37,6 +37,7 @@
 - Fix various issues with Turkish (and similar) locales (#1490519)
 - Fix so In-Reply-To header is set also for MDN receipts (#1490523)
 - Fix missing HTTP_X_FORWARDED_FOR address in generated Received header
+- Fix XSS issue in drag-n-drop file uploads (#1490530)
 
 RELEASE 1.1.2
 -------------
diff --git a/program/js/app.js b/program/js/app.js
index 3c660b8..32809d1 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -7828,7 +7828,8 @@
 var submit_data = function() {
 var multiple = files.length > 1,
 ts = new Date().getTime(),
- content = '<span>' + (multiple ? ref.get_label('uploadingmany') : files[0].name) + '</span>';
+ // jQuery way to escape filename (#1490530)
+ content = $('<span>').text(multiple ? ref.get_label('uploadingmany') : files[0].name).html();
 
 // add to attachments list
 if (!ref.add2attachment_list(ts, { name:'', html:content, classname:'uploading', complete:false }))
-- 
Gitblit v1.9.1
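Review bot: The new `content` line drops the `<span>` wrapper that the removed line emitted, because `.html()` returns the span's inner markup (the escaped text only), not the element itself; any style or selector in add2attachment_list that keyed on that span — not visible in this hunk — would silently stop matching. If the wrapper is meant to stay, serialize the element instead of its contents: `content = $('<span>').text(multiple ? ref.get_label('uploadingmany') : files[0].name).prop('outerHTML');`. The escaping itself is sound for a text-node context (`<`, `>`, `&` in `files[0].name` are entity-encoded before the string is handed to `html:`), but note that `ref.get_label('uploadingmany')` now goes through the same encoding, so a label that already carried entities would render double-escaped — presumably labels are plain text here, worth confirming. The enclosing submit_data function continues past the end of the hunk.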