Posted to commits@ambari.apache.org by wu...@apache.org on 2022/11/17 08:29:10 UTC

[ambari] branch trunk updated: AMBARI-25439: XSS vulnerability for repo check hint (#3514)

This is an automated email from the ASF dual-hosted git repository.

wuzhiguo pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 635b7c164e AMBARI-25439: XSS vulnerability for repo check hint (#3514)
635b7c164e is described below

commit 635b7c164ed0346da2a103b789e19dacecc7ab8e
Author: Zhiguo Wu <wu...@apache.org>
AuthorDate: Thu Nov 17 16:29:04 2022 +0800

    AMBARI-25439: XSS vulnerability for repo check hint (#3514)
---
 ambari-web/app/controllers/installer.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ambari-web/app/controllers/installer.js b/ambari-web/app/controllers/installer.js
index 5fd46e6ef4..beb140c8c6 100644
--- a/ambari-web/app/controllers/installer.js
+++ b/ambari-web/app/controllers/installer.js
@@ -964,10 +964,12 @@ App.InstallerController = App.WizardController.extend(App.Persist, {
       var os = selectedStack.get('operatingSystems').findProperty('id', params.osId);
       var repo = os.get('repositories').findProperty('repoId', params.repoId);
       if (repo) {
+        var title = Ember.Handlebars.Utils.escapeExpression(request.status + ":" + request.statusText);
+        var content =  Ember.Handlebars.Utils.escapeExpression($.parseJSON(request.responseText) ? $.parseJSON(request.responseText).message : "");
         repo.setProperties({
           validation: 'INVALID',
-          errorTitle: request.status + ":" + request.statusText,
-          errorContent: $.parseJSON(request.responseText) ? $.parseJSON(request.responseText).message : ""
+          errorTitle: title,
+          errorContent: content
         });
       }
     }
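
Review bot: On the added `var content = ...` line, `$.parseJSON(request.responseText)` is still evaluated twice and is unguarded, so an error response whose body is not valid JSON (for example an HTML error page) would throw before `repo.setProperties` runs and the repo would never be marked `INVALID`. Parse once inside a try/catch, fall back to an empty message on failure, and pass that result to `Ember.Handlebars.Utils.escapeExpression`. Separately, the escaping is done in the controller, so `errorTitle` and `errorContent` now hold HTML-entity-encoded strings; a one-line comment saying that these fields are inserted as raw HTML by the hint would explain why they are escaped here and warn against binding them through a normal escaping `{{ }}` expression, which would double-encode them. Minor style point: there is a double space after `=` in `var content =  Ember...`.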

