Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Fix potential XSS vulnerability in break_long_headers template filter#9435

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged

Conversation

ch4n3-yoon
Copy link
Contributor

Description

The header input is now properly escaped before splitting and joining with<br> tags. This prevents potential XSS attacks if the header contains unsanitized user input.

This pull request addresses a potential XSS vulnerability in thebreak_long_headers template filter. By escaping the header input before processing, the risk of XSS attacks is mitigated.

ChoiInYeol, hjh010501, lovelyoverflow, and gunthercox reacted with hooray emojiChoiInYeol reacted with heart emojiChoiInYeol reacted with rocket emoji
The header input is now properly escaped before splitting and joining with <br> tags. This prevents potential XSS attacks if the header contains unsanitized user input.
Copy link
Member

@browniebrokebrowniebroke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Probably deserves a test

@tomchristie
Copy link
Member

@browniebroke Let's prioritise getting this sorted, rather than waiting on a test case.

I'd marginally prefer#9438 over this, since the line break isn't actually required however we should just go with whatever gets this resolved as quickly as possible at this point.

@tomchristietomchristie merged commit3b41f01 intoencode:masterJun 14, 2024
7 checks passed
@ch4n3-yoon
Copy link
ContributorAuthor

I've identified a potential XSS vulnerability related to the break_long_headers template filter used in the rest_framework/base.html template file by APIView. This file employs the break_long_headers template filter, making the following code vulnerable to XSS attacks due to unsanitized user input:

# views.pyfromrest_framework.viewsimportAPIViewfromrest_framework.responseimportResponseclassIndex(APIView):defget(self,request):username=request.GET.get('username','')response=Response('OK')response['Location']=f'https://x.com/{username}'returnresponse# urls.pyfromdjango.urlsimportpathurlpatterns= [path('api/',Index.as_view()), ]

I believe it is essential to register this issue as a CVE to ensure that users of earlier versions of DRF are aware and can manage this vulnerability appropriately. Your thoughts on this?

@ch4n3-yoonch4n3-yoon deleted the fix/break_long_headers-filter branchJune 14, 2024 10:12
FraCata00 pushed a commit to FraCata00/django-rest-framework that referenced this pull requestJun 20, 2024
tomchristie pushed a commit that referenced this pull requestJun 27, 2024
…9444)Co-authored-by: Francesco <francesco.cataldo@spinforward.it>
vladislav1010 pushed a commit to vladislav1010/django-rest-framework that referenced this pull requestJul 5, 2024
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers

@browniebrokebrowniebrokebrowniebroke left review comments

@tomchristietomchristietomchristie approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

3 participants
@ch4n3-yoon@tomchristie@browniebroke
[8]ページ先頭
©2009-2025 Movatter.jp