upstream/ipython Files · tools/git-mrb

Fix XSS reported on Security list...

Fix XSS reported on Security list No CVE-ID yet August 18, 2015 ----- Reported to Quantopian by Juan Broullón <thebrowfc@gmail.com>... If you create a new folder in the iPython file browser and set Javascript code as its name the code injected will be executed. So, if I create a folder called "><img src=x onerror=alert(document.cookie)> and then I access to it, the cookies will be prompted. The XSS code is also executed if you access a link pointing directly at the folder. jik ------

Fernando Perez - - Load All Authors

File last commit:

r5931:4f2ef554


                r21633:3ab41641

Download file

             git-mrb
        
                    80 lines
            
             | 2.3 KiB
            
                | text/plain
            
             |
                TextLexer

/ tools / git-mrb

History | Annotation | Raw |Copy content |Copy permalink

				#!/usr/bin/env python
				"""git-mrb: merge remote branch.

				git mrb [remote:branch OR remote-branch] [onto] [upstream]

				remote must be locally available, and branch must exist in that remote.

				If 'onto' branch isn't given, default is 'master'.

				If 'upstream' repository isn't given, default is 'origin'.

				You can separate the remote and branch spec with either a : or a -.
				"""
				#-----------------------------------------------------------------------------
				# Imports
				#-----------------------------------------------------------------------------

				from subprocess import check_call
				import sys

				#-----------------------------------------------------------------------------
				# Functions
				#-----------------------------------------------------------------------------

				def sh(cmd):
				cmd = cmd.format(**shvars)
				print '$', cmd
				check_call(cmd, shell=True)

				#-----------------------------------------------------------------------------
				# Main Script
				#-----------------------------------------------------------------------------

				argv = sys.argv[1:]
				narg = len(argv)

				try:
				branch_spec = argv[0]
				sep = ':' if ':' in branch_spec else '-'
				remote, branch = branch_spec.split(':', 1)
				if not branch:
				raise ValueError('Branch spec %s invalid, branch not found' %
				branch_spec)
				except:
				import traceback as tb
				tb.print_exc()
				print __doc__
				sys.exit(1)

				onto = argv[1] if narg >= 2 else 'master'
				upstream = argv[1] if narg == 3 else 'origin'

				# Git doesn't like ':' in branch names.
				if sep == ':':
				branch_spec = branch_spec.replace(':', '-')

				# Global used by sh
				shvars = dict(remote=remote, branch_spec=branch_spec, branch=branch,
				onto=onto, upstream=upstream)

				# Start git calls.
				sh('git fetch {remote}')
				sh('git checkout -b {branch_spec} {onto}')
				sh('git merge {remote}/{branch}')

				print """
				*************************************************************
				Run test suite. If tests pass, run the following to merge:

				git checkout {onto}
				git merge {branch_spec}
				git push {upstream} {onto}

				*************************************************************
				""".format(**shvars)

				ans = raw_input("Revert to master and delete temporary branch? [Y/n]: ")
				if ans.strip().lower() in ('', 'y', 'yes'):
				sh('git checkout {onto}')
				sh('git branch -D {branch_spec}')

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages