Fix whitespace parameter handling (!102706) · Merge requests · GitLab.org / GitLab

David O'Regan requested to merge 378216-wiki-xss into master Nov 02, 2022

What does this MR do and why?

A small MVC for Cross-site scripting in wiki changes page affec... (#378216 - closed).

Screenshots or screen recordings

N/A

How to set up and validate locally

Log in to the project locally.
Create a project.
From the sidebar, click Wiki.
Click Create your first page
Fill in the contents.
Click Create page
Open https://localhost:3000/USERNAME/PROJECT_NAME/-/wikis/home/diff?protocol=javascript&host=%250dalert(document.domain)//
Click Hide whitespace changes
Confirm that alert(document.domain) has not been executed.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #378216 (closed)

Fix whitespace parameter handling

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports