Posted to commits@nifi.apache.org by jo...@apache.org on 2019/10/10 05:36:02 UTC

[nifi] 01/02: NIFI-6766: - Ensuring policy label is properly escaped when populating the user's access policy listing. This closes #3804.

This is an automated email from the ASF dual-hosted git repository.

joewitt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git

commit 99e9010b323c7dadeca6abd1ea4635c944e7a526
Author: Matt Gilman <ma...@gmail.com>
AuthorDate: Wed Oct 9 22:23:35 2019 -0400

    NIFI-6766:
    - Ensuring policy label is properly escaped when populating the user's access policy listing.
    This closes #3804.
    
    Signed-off-by: Joe Witt <jo...@apache.org>
---
 .../nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js       | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js
index 9c6a522..43df22c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js
@@ -556,7 +556,7 @@
         }
 
         var subResource = nfCommon.substringAfterFirst(resource, '/restricted-components/');
-        return "Restricted components requiring '" + subResource + "'";
+        return "Restricted components requiring '" + nfCommon.escapeHtml(subResource) + "'";
     };
 
     /**
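Review bot: The restricted-components branch now returns HTML-escaped text, but nothing at the return site documents this, and the earlier return paths sit above the hunk where they cannot be checked for the same treatment. If a caller uses this value outside markup (sorting, filtering, a tooltip set as text), it would see entities such as `&amp;`; that is an inference, since no caller is visible here. I would state the contract in the function's doc comment, e.g. `@returns {string} HTML-escaped label, safe to insert as markup; do not escape again`, and confirm the other branches return only fixed strings. The function body starts outside the hunk.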
@@ -609,9 +609,9 @@
         }
 
         if (dataContext.component.componentReference.permissions.canRead === true) {
-            policyLabel += '<span style="font-weight: 500">' + dataContext.component.componentReference.component.name + '</span>';
+            policyLabel += '<span style="font-weight: 500">' + nfCommon.escapeHtml(dataContext.component.componentReference.component.name) + '</span>';
         } else {
-            policyLabel += '<span class="unset">' + dataContext.component.componentReference.id + '</span>'
+            policyLabel += '<span class="unset">' + nfCommon.escapeHtml(dataContext.component.componentReference.id) + '</span>'
         }
 
         return policyLabel;
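Review bot: Only the two values appended in this `if`/`else` are escaped; whatever was concatenated into `policyLabel` before the hunk is not visible, so any other server-supplied value interpolated there needs the same `nfCommon.escapeHtml` call for the fix to be complete. Because the label is assembled as a markup string, a short comment above the concatenation would help the next editor: `// policyLabel is inserted as HTML: pass every interpolated value through nfCommon.escapeHtml`. Separately, the new line in the `else` branch still ends with `'</span>'` and no semicolon; add `;` rather than relying on ASI. The function begins and ends outside the hunk.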