forgejo/tests/integration/fixtures/TestXSSReviewDismissed/comment.yml at 672caa68138acf85e681e54242a8c95160869737 - magic_rb/forgejo - Forgejo: Beyond coding. We Forge.

magic_rb/forgejo

Template

mirror of https://codeberg.org/forgejo/forgejo synced 2024-12-13 06:51:57 +01:00

Gusted 672caa6813

[SECURITY] Test XSS in dismissed review

It's possible for reviews to not be assiocated with users, when they
were migrated from another forge instance. In the migration code,
there's no sanitization check for author names, so they could contain
HTML tags and thus needs to be properely escaped.

(cherry picked from commit ca798e4cc2)
(cherry picked from commit d3de80b9cc)

2024-02-22 22:44:22 +01:00

9 lines

180 B

YAML

Raw Blame History

 -
   id: 1000
   type: 32 # dismiss review
   poster_id: 2
   issue_id: 2 # in repo_id 1
   content: "XSS time!"
   review_id: 1000
   created_unix: 1700000000
   updated_unix: 1700000000