Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XSS: allow iframe in popups #4953

Merged
merged 1 commit into from
Nov 7, 2024
Merged

XSS: allow iframe in popups #4953

merged 1 commit into from
Nov 7, 2024

Conversation

nboisteault
Copy link
Member

Allow iframe in popups but add sandbox="allow-scripts allow-forms" to avoid XSS

Funded by Valabre

@nboisteault
XSS: allow iframe in popups
2ab2d20 
Allow iframe but add `sandbox="allow-scripts allow-forms"` to avoid XSS
@github-actions github-actions bot added this to the 3.10.0 milestone Nov 7, 2024
@nboisteault nboisteault added run end2end If the PR must run end2end tests or not backport release_3_9 backport release_3_8 labels Nov 7, 2024
@nboisteault nboisteault merged commit 4d5bbf1 into 3liz:master Nov 7, 2024
15 of 16 checks passed
@nboisteault nboisteault deleted the dompurify-allow-iframe branch November 7, 2024 10:43
@3liz-bot
Copy link
Contributor

3liz-bot commented Nov 7, 2024

The backport to release_3_8 failed:

The process '/usr/bin/git' failed with exit code 1
stderr 
error: could not apply 2ab2d2060... XSS: allow `iframe` in popups
hint: After resolving the conflicts, mark them with
hint: "git add/rm <pathspec>", then run
hint: "git cherry-pick --continue".
hint: You can instead skip this commit with "git cherry-pick --skip".
hint: To abort and get back to the state before "git cherry-pick",
hint: run "git cherry-pick --abort".
hint: Disable this message with "git config advice.mergeConflict false"
stdout 
Auto-merging tests/qgis-projects/tests/tests_dataset.sql
CONFLICT (content): Merge conflict in tests/qgis-projects/tests/tests_dataset.sql

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-release_3_8 release_3_8
# Navigate to the new working tree
cd .worktrees/backport-release_3_8
# Create a new branch
git switch --create backport-4953-to-release_3_8
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick 2ab2d20602c76635bac511f3d9dab12f37ca6c35
# Push it to GitHub
git push --set-upstream origin backport-4953-to-release_3_8
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-release_3_8

Then, create a pull request where the base branch is release_3_8 and the compare/head branch is backport-4953-to-release_3_8.

@3liz-bot 3liz-bot mentioned this pull request Nov 7, 2024
Merged
@Gustry Gustry added the sponsored development This development has been funded label Nov 7, 2024
@nboisteault nboisteault mentioned this pull request Nov 7, 2024
Closed
1 task
@josemvm
Copy link
Collaborator

josemvm commented Nov 7, 2024

@nboisteault thanks!

@Gustry Gustry mentioned this pull request Nov 7, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
backport release_3_8 backport release_3_9 failed backport run end2end If the PR must run end2end tests or not sponsored development This development has been funded
Projects
None yet
Milestone
3.10.0
Development

Successfully merging this pull request may close these issues.
4 participants
@nboisteault @3liz-bot @josemvm @Gustry