You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by jo...@apache.org on 2019/10/10 05:36:02 UTC
[nifi] 01/02: NIFI-6766: - Ensuring policy label is properly
escaped when populating the user's access policy listing. This closes
#3804.
This is an automated email from the ASF dual-hosted git repository.
joewitt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit 99e9010b323c7dadeca6abd1ea4635c944e7a526
Author: Matt Gilman <ma...@gmail.com>
AuthorDate: Wed Oct 9 22:23:35 2019 -0400
NIFI-6766:
- Ensuring policy label is properly escaped when populating the user's access policy listing.
This closes #3804.
Signed-off-by: Joe Witt <jo...@apache.org>
---
.../nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js
index 9c6a522..43df22c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js
@@ -556,7 +556,7 @@
}
var subResource = nfCommon.substringAfterFirst(resource, '/restricted-components/');
- return "Restricted components requiring '" + subResource + "'";
+ return "Restricted components requiring '" + nfCommon.escapeHtml(subResource) + "'";
};
/**
@@ -609,9 +609,9 @@
}
if (dataContext.component.componentReference.permissions.canRead === true) {
- policyLabel += '<span style="font-weight: 500">' + dataContext.component.componentReference.component.name + '</span>';
+ policyLabel += '<span style="font-weight: 500">' + nfCommon.escapeHtml(dataContext.component.componentReference.component.name) + '</span>';
} else {
- policyLabel += '<span class="unset">' + dataContext.component.componentReference.id + '</span>'
+ policyLabel += '<span class="unset">' + nfCommon.escapeHtml(dataContext.component.componentReference.id) + '</span>'
}
return policyLabel;