Fix XSS reported on Security list

No CVE-ID yet

August 18, 2015
-----
Reported to Quantopian by Juan Broullón <thebrowfc@gmail.com>...

If you create a new folder in the iPython file browser and set Javascript code as its name the code injected will be executed. So, if I create a folder called "><img src=x onerror=alert(document.cookie)> and then I access to it, the cookies will be prompted.

The XSS code is also executed if you access a link pointing directly at the folder.

jik
------
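
The report above describes a folder name being interpreted as markup when the file browser renders it. The following is an added example, not the project's code and not the fix made in this commit, that puts the unescaped rendering pattern beside an escaped one; the function names and the `/tree` base path are assumptions made for illustration.

```javascript
// Added example: names and paths here are constructed, not taken from the project.

// Escape the five characters that let text break out of HTML text or
// quoted-attribute context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the folder name is concatenated into markup as-is,
// both inside the href attribute and as the link text.
function breadcrumbUnsafe(basePath, segments) {
  let href = basePath;
  return segments.map((name) => {
    href += "/" + name;
    return '<li><a href="' + href + '">' + name + "</a></li>";
  }).join("");
}

// Hardened pattern: percent-encode each segment for the URL, then HTML-escape
// every value placed into attribute or text context.
function breadcrumbSafe(basePath, segments) {
  let href = basePath;
  return segments.map((name) => {
    href += "/" + encodeURIComponent(name);
    return '<li><a href="' + escapeHtml(href) + '">' + escapeHtml(name) + "</a></li>";
  }).join("");
}

// True if the rendered markup contains any element other than <li> or <a>,
// meaning a folder name was parsed as markup instead of shown as text.
function hasInjectedTag(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !/^<\/?(li|a)$/i.test(t));
}

// Constructed input: the folder name quoted in the report above.
const reported = '"><img src=x onerror=alert(document.cookie)>';
const unsafe = breadcrumbUnsafe("/tree", ["work", reported]);
const safe = breadcrumbSafe("/tree", ["work", reported]);
console.log("unsafe rendering contains injected tag:", hasInjectedTag(unsafe));
console.log("safe rendering contains injected tag:  ", hasInjectedTag(safe));
console.log(safe);
```

The same `hasInjectedTag` check can serve as a regression test over any template that renders user-controlled file or folder names.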

File last commit:

r21108:3195aee5
r21633:3ab41641
variables.less
60 lines | 1.6 KiB | text/x-less | LessCssLexer
// Our customizations to bootstrap go here.
@black: #000;
@text-color: @black;
@font-size-base: 13px;
@font-family-monospace: monospace; // to allow user to customize their fonts
@navbar-height: 30px;
@breadcrumb-color: darken(@border_color, 30%);
@blockquote-font-size: inherit;
@modal-inner-padding: 15px;
@grid-float-breakpoint: 541px;
@screen-xs: 540px;
@logo_height: 28px;
@border-radius-small: 1px;
@border-radius-base: 2px;
@border-radius-large: 3px;
@grid-gutter-width: 0px;
@icon-font-path: "../components/bootstrap/fonts/";
// Disable modal slide-in from top animation.
.modal {
    &.fade .modal-dialog {
        .translate(0, 0);
    }
}
// Set the default code color.
code {
    color: @black; // default code color in bootstrap is #d14 (crimson / amaranth)
}
// Override bootstrap pre element styling.
pre {
    // bootstrap has pre defaults that we don't want to inherit.
    // start pre tag defaults based on the surrounding context instead.
    font-size: inherit;
    line-height: inherit;
}
// Disable bold labels in BS3
label {
    font-weight: normal;
}
// Our own global variables for all pages go here
@global-shadow: 0px 0px 12px 1px rgba(87, 87, 87, 0.2);
@global-shadow-dark: 0px 0px 12px 1px rgba(87, 87, 87, 0.4);
@page-header-padding: 20px;
/* Make the page background at least 100% the height of the viewport */
@page-backdrop-height: 100vh;
/* Make the page itself at least 70% the height of the viewport */
@page-min-height: 0;
@page-backdrop-color: #EEE;
@page-color: @body-bg;
@page-padding: 15px;
// prevent the container size from jumping from 768px to 720px
// when the window width goes from 768 to 769+
@container-sm : @screen-sm-min;