SpoonLibrary expects the charset to be in lowercase, otherwise some xss protections fail by carakas · Pull Request #3455 · forkcms/forkcms · GitHub

SpoonLibrary expects the charset to be in lowercase, otherwise some xss protections fail #3455

Merged
carakas merged 1 commit into forkcms:master from justcarakas:charset-lowercase-spoon-library
Sep 1, 2021

Conversation

carakas (Member) commented Aug 31, 2021

Type

  • Security

Pull request description

Spoon library doesn't encode some things well when the charset isn't utf-8 but UTF-8. This causes some XSS issues.

carakas added the security label (Pull requests that address a security vulnerability) Aug 31, 2021
carakas added this to the 5.11.0 milestone Aug 31, 2021
carakas requested a review from a team August 31, 2021 20:07
codecov bot commented Aug 31, 2021

Codecov Report

Merging #3455 (c213063) into master (2a9c05a) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master    #3455   +/-   ##
=========================================
  Coverage     27.88%   27.88%           
  Complexity     8145     8145           
=========================================
  Files           575      575           
  Lines         30690    30690           
=========================================
  Hits           8558     8558           
  Misses        22132    22132           
Flag Coverage Δ
functional 23.79% <ø> (ø)
installer 3.84% <ø> (ø)
unit 7.63% <ø> (ø)

Flags with carried forward coverage won't be shown.


Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 2a9c05a...c213063.

carakas merged commit 76bf739 into forkcms:master Sep 1, 2021
carakas deleted the charset-lowercase-spoon-library branch September 1, 2021 16:49