You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by an...@apache.org on 2020/08/24 13:04:52 UTC
[syncope] branch 2_1_X updated: [SYNCOPE-1549] whitelisted
javascript in href attributes
This is an automated email from the ASF dual-hosted git repository.
andreapatricelli pushed a commit to branch 2_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/2_1_X by this push:
new feacc1a [SYNCOPE-1549] whitelisted javascript in href attributes
feacc1a is described below
commit feacc1a2b3e31b13bf53be0d6886a36cd6e762bd
Author: Andrea Patricelli <an...@apache.org>
AuthorDate: Mon Aug 24 15:03:18 2020 +0200
[SYNCOPE-1549] whitelisted javascript in href attributes
---
.../enduser/src/main/resources/META-INF/resources/app/js/app.js | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/app.js b/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
index c2f9d9f..3bb3c88 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
+++ b/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
@@ -46,8 +46,10 @@ var app = angular.module('SyncopeEnduserApp', [
'ngAria'
]);
-app.config(['$stateProvider', '$urlRouterProvider', '$httpProvider', '$translateProvider', '$translatePartialLoaderProvider',
- function ($stateProvider, $urlRouterProvider, $httpProvider, $translateProvider, $translatePartialLoaderProvider) {
+app.config(['$stateProvider', '$urlRouterProvider', '$httpProvider', '$translateProvider',
+ '$translatePartialLoaderProvider', '$compileProvider',
+ function ($stateProvider, $urlRouterProvider, $httpProvider, $translateProvider,
+ $translatePartialLoaderProvider, $compileProvider) {
/*
|--------------------------------------------------------------------------
| Syncope Enduser AngularJS providers configuration
@@ -315,6 +317,8 @@ app.config(['$stateProvider', '$urlRouterProvider', '$httpProvider', '$translate
}
};
});
+ // SYNCOPE-1549
+ $compileProvider.aHrefSanitizationWhitelist(/^\s*(javascript):/);
}]);
app.run(['$rootScope', '$state', 'AuthService', '$transitions',
function ($rootScope, $state, AuthService, $transitions) {