Posted to commits@ambari.apache.org by wu...@apache.org on 2022/11/17 08:29:10 UTC
[ambari] branch trunk updated: AMBARI-25439: XSS vulnerability for repo check hint (#3514)
This is an automated email from the ASF dual-hosted git repository.
wuzhiguo pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 635b7c164e AMBARI-25439: XSS vulnerability for repo check hint (#3514)
635b7c164e is described below
commit 635b7c164ed0346da2a103b789e19dacecc7ab8e
Author: Zhiguo Wu <wu...@apache.org>
AuthorDate: Thu Nov 17 16:29:04 2022 +0800
AMBARI-25439: XSS vulnerability for repo check hint (#3514)
---
ambari-web/app/controllers/installer.js | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/ambari-web/app/controllers/installer.js b/ambari-web/app/controllers/installer.js
index 5fd46e6ef4..beb140c8c6 100644
--- a/ambari-web/app/controllers/installer.js
+++ b/ambari-web/app/controllers/installer.js
@@ -964,10 +964,12 @@ App.InstallerController = App.WizardController.extend(App.Persist, {
var os = selectedStack.get('operatingSystems').findProperty('id', params.osId);
var repo = os.get('repositories').findProperty('repoId', params.repoId);
if (repo) {
+ var title = Ember.Handlebars.Utils.escapeExpression(request.status + ":" + request.statusText);
+ var content = Ember.Handlebars.Utils.escapeExpression($.parseJSON(request.responseText) ? $.parseJSON(request.responseText).message : "");
repo.setProperties({
validation: 'INVALID',
- errorTitle: request.status + ":" + request.statusText,
- errorContent: $.parseJSON(request.responseText) ? $.parseJSON(request.responseText).message : ""
+ errorTitle: title,
+ errorContent: content
});
}
}
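Review bot: `$.parseJSON(request.responseText)` on the added `content` line can throw when the error body is not valid JSON (an HTML error page from a proxy, for instance), and an exception there would skip `setProperties`, so the repo would never be marked `INVALID`. Parsing once inside a `try`/`catch` with an empty-message fallback, then escaping as the commit already does, avoids that and removes the duplicate parse. Separately, `errorTitle` and `errorContent` now store HTML-escaped text; the template that renders them is not visible in this hunk, so it is worth confirming that no consumer escapes them a second time. The enclosing callback starts and ends outside the hunk.

```javascript
var title = Ember.Handlebars.Utils.escapeExpression(request.status + ":" + request.statusText);
var message = "";
try {
  var body = $.parseJSON(request.responseText);
  message = body && body.message ? body.message : "";
} catch (e) {
  // Non-JSON error body: keep the message empty so the repo is still flagged below.
}
var content = Ember.Handlebars.Utils.escapeExpression(message);
// … unchanged: repo.setProperties({ validation, errorTitle, errorContent }) …
```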