Posted to commits@qpid.apache.org by ea...@apache.org on 2017/11/29 20:07:24 UTC
qpid-dispatch git commit: DISPATCH-886 Prevent script injection for
stand-alone console
Repository: qpid-dispatch
Updated Branches:
refs/heads/master 55d7bd34b -> 8e592559a
DISPATCH-886 Prevent script injection for stand-alone console
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/8e592559
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/8e592559
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/8e592559
Branch: refs/heads/master
Commit: 8e592559a6f1fa7cf1709b6c6fa53cbdfb64c3d3
Parents: 55d7bd3
Author: Ernest Allen <ea...@redhat.com>
Authored: Wed Nov 29 15:07:03 2017 -0500
Committer: Ernest Allen <ea...@redhat.com>
Committed: Wed Nov 29 15:07:03 2017 -0500
----------------------------------------------------------------------
console/stand-alone/plugin/js/qdrList.js | 5 +++++
console/stand-alone/plugin/js/qdrOverview.js | 6 ++++++
2 files changed, 11 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/8e592559/console/stand-alone/plugin/js/qdrList.js
----------------------------------------------------------------------
diff --git a/console/stand-alone/plugin/js/qdrList.js b/console/stand-alone/plugin/js/qdrList.js
index 3abac5e..9f60e5c 100644
--- a/console/stand-alone/plugin/js/qdrList.js
+++ b/console/stand-alone/plugin/js/qdrList.js
@@ -361,6 +361,11 @@ var QDR = (function(QDR) {
// the scroll bar on the window
var viewport = $('#list-controller .pane-viewport')
viewport.height( window.innerHeight - viewport.offset().top)
+ // don't allow HTML in the tree titles
+ $('.fancytree-title').each( function (idx) {
+ var unsafe = $(this).html()
+ $(this).html(unsafe.replace(/</g, "<").replace(/>/g, ">"))
+ })
}
$(window).resize(resizer);
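Review bot: The escaping added to the resize handler runs after Fancytree has already inserted the title into the DOM, so `$(this).html()` returns markup the browser has already parsed; any element or handler attribute in a title that carries markup has taken effect by then, and rewriting the span only changes what is displayed. It also runs only when `resizer` is called, so titles rendered later (node expansion, tree refresh) stay unescaped until the next resize. Escape the title where the node data is built, before it is handed to the tree, or set Fancytree's `escapeTitles: true` option if the bundled version supports it. As shown on this page the replacement strings equal the matched characters (`"<"` for `/</g`), which is probably the archive decoding `&lt;`/`&gt;` but is worth confirming in the file; `&` is not escaped either. The same block is added in qdrOverview.js, and `resizer` begins outside this hunk.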
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/8e592559/console/stand-alone/plugin/js/qdrOverview.js
----------------------------------------------------------------------
diff --git a/console/stand-alone/plugin/js/qdrOverview.js b/console/stand-alone/plugin/js/qdrOverview.js
index 5a0b06f..7167250 100644
--- a/console/stand-alone/plugin/js/qdrOverview.js
+++ b/console/stand-alone/plugin/js/qdrOverview.js
@@ -1528,6 +1528,12 @@ return;
var viewport = $('#overview-controller .pane-viewport')
viewport.height( window.innerHeight - viewport.offset().top)
+ // don't allow HTML in the tree titles
+ $('.fancytree-title').each( function (idx) {
+ var unsafe = $(this).html()
+ $(this).html(unsafe.replace(/</g, "<").replace(/>/g, ">"))
+ })
+
// remove the comments to allow the tree to take all the height it needs
/*
var gridDetails = $('#overview-controller .grid')
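Review bot: The `$('.fancytree-title')` selector is not scoped, unlike the `#overview-controller .pane-viewport` lookup just above it, so this pass rewrites every tree title on the page rather than only the overview tree. The block is also a verbatim copy of the one added to qdrList.js, and the `idx` parameter is unused. Consider one shared helper that takes the controller root (a suggested name would be `escapeTreeTitles(rootSelector)`) and selecting with `$('#overview-controller .fancytree-title')`, so a later fix to the escaping lands in both places. The enclosing function starts and ends outside this hunk.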