fix: Escape app title and tag title on list pages CVE-2022-47968 (#1088)

Attila Kerekes
2023-01-05 19:31:15 +00:00
committed by GitHub
parent cd07d47445
commit a4022ce517
5 changed files with 27 additions and 5 deletions


@@ -31,4 +31,15 @@ class ItemListTest extends TestCase
$response->assertSee('Item 2');
$response->assertSee('Item 3');
}
public function test_escapes_xss_on_the_item_list_page()
{
$this->addItemWithTitleToDB('<script>alert("XSS")</script>');
$response = $this->get('/items');
$response->assertStatus(200);
$response->assertDontSee('<script>alert("XSS")</script>', false);
$response->assertSee('<script>alert("XSS")</script>');
}
}
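Review bot: The two closing assertions in test_escapes_xss_on_the_item_list_page pass the same literal and read as contradictory unless the reader knows that the second argument `false` switches off the helper's own escaping. A one-line comment above them would make the intent explicit, for example `// raw payload must be absent (escape off); its HTML-escaped form must be present (escape on by default)`. test_escapes_xss_on_the_tag_list_page has the same pair and would take the same comment. The new method also declares no return type; `: void` would fit if the rest of the class uses it, which this hunk does not show.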


@@ -32,4 +32,15 @@ class TagListTest extends TestCase
$response->assertSee('Tag 2');
$response->assertSee('Tag 3');
}
public function test_escapes_xss_on_the_tag_list_page()
{
$this->addTagWithTitleToDB('<script>alert("XSS")</script>');
$response = $this->get('/tags');
$response->assertStatus(200);
$response->assertDontSee('<script>alert("XSS")</script>', false);
$response->assertSee('<script>alert("XSS")</script>');
}
}
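Review bot: Both assertions in test_escapes_xss_on_the_tag_list_page match the payload as one exact string anywhere in the response, so they establish that no verbatim copy is emitted and that at least one escaped copy is, not that every place the title is printed is escaped. If the list view prints the title more than once, or in an attribute or inline script (the view is not visible in this hunk), a copy that is unescaped but encoded differently would leave both assertions passing. Pinning the count would tighten this, e.g. `$this->assertSame($n, substr_count($response->getContent(), e($payload)));` with `$n` being the number of places the view outputs the title. The item list test has the same shape.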