You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@syncope.apache.org by an...@apache.org on 2020/08/24 13:04:52 UTC

[syncope] branch 2_1_X updated: [SYNCOPE-1549] whitelisted javascript in href attributes

This is an automated email from the ASF dual-hosted git repository.

andreapatricelli pushed a commit to branch 2_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/2_1_X by this push:
     new feacc1a  [SYNCOPE-1549] whitelisted javascript in href attributes
feacc1a is described below

commit feacc1a2b3e31b13bf53be0d6886a36cd6e762bd
Author: Andrea Patricelli <an...@apache.org>
AuthorDate: Mon Aug 24 15:03:18 2020 +0200

    [SYNCOPE-1549] whitelisted javascript in href attributes
---
 .../enduser/src/main/resources/META-INF/resources/app/js/app.js   | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/app.js b/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
index c2f9d9f..3bb3c88 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
+++ b/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
@@ -46,8 +46,10 @@ var app = angular.module('SyncopeEnduserApp', [
   'ngAria'
 ]);
 
-app.config(['$stateProvider', '$urlRouterProvider', '$httpProvider', '$translateProvider', '$translatePartialLoaderProvider',
-  function ($stateProvider, $urlRouterProvider, $httpProvider, $translateProvider, $translatePartialLoaderProvider) {
+app.config(['$stateProvider', '$urlRouterProvider', '$httpProvider', '$translateProvider',
+  '$translatePartialLoaderProvider', '$compileProvider',
+  function ($stateProvider, $urlRouterProvider, $httpProvider, $translateProvider,
+          $translatePartialLoaderProvider, $compileProvider) {
     /*
      |--------------------------------------------------------------------------
      | Syncope Enduser AngularJS providers configuration
@@ -315,6 +317,8 @@ app.config(['$stateProvider', '$urlRouterProvider', '$httpProvider', '$translate
         }
       };
     });
+    // SYNCOPE-1549
+    $compileProvider.aHrefSanitizationWhitelist(/^\s*(javascript):/);
   }]);
 app.run(['$rootScope', '$state', 'AuthService', '$transitions',
   function ($rootScope, $state, AuthService, $transitions) {