fix potential xss issue with user id #3340

Merged
merged 1 commit into from
Oct 18, 2020

nobodyiam
Member

What's the purpose of this PR

fix potential xss issue with user id

Which issue(s) this PR fixes:

Fixes #3332

Brief changelog

escape user id when displaying

Follow this checklist to help us incorporate your contribution quickly and easily:

  • Read the Contributing Guide before making this pull request.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Write necessary unit tests to verify the code.
  • Run mvn clean test to make sure this pull request doesn't break anything.

@codecov-io
Codecov Report

Merging #3340 into master will increase coverage by 0.06%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##             master    #3340      +/-   ##
============================================
+ Coverage     51.35%   51.41%   +0.06%     
  Complexity     2301     2301              
============================================
  Files           442      442              
  Lines         13738    13738              
  Branches       1398     1398              
============================================
+ Hits           7055     7064       +9     
+ Misses         6192     6186       -6     
+ Partials        491      488       -3     

| Impacted Files | Coverage Δ | Complexity Δ |
|---|---|---|
| ...framework/apollo/openapi/entity/ConsumerAudit.java | 42.42% <0.00%> (-6.07%) | 9.00% <0.00%> (-2.00%) |
| ...mework/apollo/openapi/service/ConsumerService.java | 47.57% <0.00%> (-1.95%) | 12.00% <0.00%> (-1.00%) |
| .../apollo/internals/RemoteConfigLongPollService.java | 77.10% <0.00%> (-1.21%) | 28.00% <0.00%> (-1.00%) |
| .../framework/apollo/spring/property/SpringValue.java | 89.47% <0.00%> (+1.75%) | 21.00% <0.00%> (+1.00%) |
| ...rk/apollo/spring/property/SpringValueRegistry.java | 88.88% <0.00%> (+5.55%) | 11.00% <0.00%> (+1.00%) |
| ...mework/apollo/portal/component/PortalSettings.java | 65.62% <0.00%> (+7.81%) | 5.00% <0.00%> (ø%) |
| ...work/apollo/biz/message/DatabaseMessageSender.java | 64.58% <0.00%> (+14.58%) | 8.00% <0.00%> (+2.00%) |

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 77f801c...fbe5dec. Read the comment docs.

@nobodyiam nobodyiam merged commit b5832da into apolloconfig:master Oct 18, 2020
@nobodyiam nobodyiam added this to the 1.8.0 milestone Feb 11, 2021
Successfully merging this pull request may close these issues.

Missing validation when adding a user leads to a front-end XSS attack defect