Posted to commits@drill.apache.org by sa...@apache.org on 2019/05/29 23:08:37 UTC
[drill] 01/05: DRILL-7276: Fixed an XSS vulnerability in Drill
Web-UI query profile page
This is an automated email from the ASF dual-hosted git repository.
sachouche pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/drill.git
commit 5542cc98f38003f028d97f95d257604c91723d70
Author: Anton Gozhiy <an...@gmail.com>
AuthorDate: Thu May 23 19:41:45 2019 +0300
DRILL-7276: Fixed an XSS vulnerability in Drill Web-UI query profile page
---
exec/java-exec/src/main/resources/rest/alertModals.ftl | 11 ++++++++++-
exec/java-exec/src/main/resources/rest/static/js/graph.js | 2 +-
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/exec/java-exec/src/main/resources/rest/alertModals.ftl b/exec/java-exec/src/main/resources/rest/alertModals.ftl
index 320d96d..17f0275 100644
--- a/exec/java-exec/src/main/resources/rest/alertModals.ftl
+++ b/exec/java-exec/src/main/resources/rest/alertModals.ftl
@@ -62,7 +62,7 @@
var inputValuesKeys = Object.keys(inputValues);
for (i=0; i<inputValuesKeys.length; ++i) {
let currKey=inputValuesKeys[i];
- updatedHtml=updatedHtml.replace(currKey, inputValues[currKey]);
+ updatedHtml=updatedHtml.replace(currKey, escapeHtml(inputValues[currKey]));
}
modalBody.innerHTML=updatedHtml;
}
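Review bot: The new `escapeHtml(...)` call on the replace line still leaves one unescaped channel: when `String.prototype.replace` is given a string replacement, it interprets `$&`, `$$`, `` $` `` and `$'` as special patterns, and `escapeHtml` does not touch `$`, so a value containing `$'` would splice the remainder of the modal template into the output rather than the literal text. The template is not attacker-authored, so this is not a second XSS, but it defeats the intent of escaping the value verbatim; passing a function replacer avoids the pattern expansion entirely, e.g. `updatedHtml=updatedHtml.replace(currKey, function () { return escapeHtml(inputValues[currKey]); });`. Separately, a string pattern replaces only the first occurrence of `currKey`, which is pre-existing behaviour and presumably fine if each key appears once in the template. The enclosing function starts before this hunk.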
@@ -70,6 +70,15 @@
$('#errorModal').modal('show');
}
+ function escapeHtml(str) {
+ return str.replace(/&/g,'&')
+ .replace(/</g,'<')
+ .replace(/>/g,'>')
+ .replace(/"/g,'"')
+ .replace(/'/g,''')
+ .replace(/\//g,'/');
+ }
+
//Map of error messages to populate the alert modal
var errorMap = {
"userNameMissing": {
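Review bot: As rendered on this page every replacement string in `escapeHtml` is identical to the character it replaces (`'&'` for `/&/g`, `'<'` for `/</g`, and so on), which would make the function a no-op; this is almost certainly the list archive decoding the entity references, so confirm that the committed file carries `'&amp;'`, `'&lt;'`, `'&gt;'`, `'&quot;'`, `'&#39;'` and `'&#x2F;'`, and that the `&` rule stays first, as it is here, so earlier substitutions are not double-escaped. `str.replace` will throw if a value passed in is not a string (a number or `undefined`), and nothing in the hunk shows where `inputValues` comes from, so `return String(str).replace(...)` would be a cheap guard. The function also has no header comment; a one-liner such as `// Escape the characters HTML treats specially (plus "/") so untrusted text can be placed in innerHTML` would tell the next reader why it exists.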
diff --git a/exec/java-exec/src/main/resources/rest/static/js/graph.js b/exec/java-exec/src/main/resources/rest/static/js/graph.js
index 5801245..81042e8 100644
--- a/exec/java-exec/src/main/resources/rest/static/js/graph.js
+++ b/exec/java-exec/src/main/resources/rest/static/js/graph.js
@@ -390,7 +390,7 @@ $(window).on('load',(function () {
// add json profile on click
$('#full-json-profile-json').on('shown.bs.collapse', function (e) {
if (jsonprofileshown) return;
- $('#full-json-profile-json').html(JSON.stringify(globalconfig.profile, null, 4));
+ $('#full-json-profile-json').text(JSON.stringify(globalconfig.profile, null, 4)).html();
});
//builddomtable(d3.select("#timing-table")
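Review bot: The trailing `.html()` on the new `$('#full-json-profile-json').text(...)` line is a jQuery getter whose return value is discarded, so it does nothing and reads as if the content were being re-parsed as HTML; the fix is complete with `.text()` alone, which sets the text content and thereby neutralises any markup in the profile JSON. Dropping it gives `$('#full-json-profile-json').text(JSON.stringify(globalconfig.profile, null, 4));`. Whether the element previously relied on `.html()` for anything other than inserting the string (for example whitespace handling) is not visible from this hunk. The enclosing `$(window).on('load', ...)` handler starts before this hunk.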