Patching minor XSS vulnerability
The update output shows the name of the current commit your local installation is on. So if a commit is named <script>alert("xss");</script>, for example, that code will execute when someone updates their installation.

Not a huge deal since we'd notice if someone made a rogue pull request with any commit names like that before ever accepting it into the repo.
ehpersonal38 committed Mar 7, 2023
1 parent ae1e3bf commit 4de5618
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion homepage/views.php
Expand Up @@ -353,7 +353,7 @@ function copyOutput(elem) {
$output = implode("\n", $lines);
$results = $output;


$results = nl2br(htmlspecialchars($results));
if(strlen($results) == 0) {
$results = "This command has no output.";
}
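
Review bot: the htmlspecialchars() call in `$results = nl2br(htmlspecialchars($results));` relies on the default flags and charset, which differ across PHP versions. Before PHP 8.1 the default is ENT_COMPAT | ENT_HTML401, so single quotes are left unescaped, and without ENT_SUBSTITUTE any invalid byte sequence in the input makes the call return an empty string. With the `strlen($results) == 0` check directly below, output containing such bytes would then be shown as "This command has no output." Suggest passing the arguments explicitly, e.g. `htmlspecialchars($results, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The order (escape first, then nl2br) is correct and should stay. Note also that `$output` still holds the raw string after this hunk, so it is worth confirming that nothing else in homepage/views.php echoes `$output` without escaping.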