Posted to commits@ofbiz.apache.org by jl...@apache.org on 2022/07/25 07:17:57 UTC

[ofbiz-framework] 01/02: Fixed: Fix OFBiz speficic Javascript securiy issues reported by GH CodeQL (OFBIZ-12366)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit 7875045e5a5acae0c22eee72bfdb5971cf663317
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Mon Jul 18 17:34:59 2022 +0200

    Fixed: Fix OFBiz speficic Javascript securiy issues reported by GH CodeQL (OFBIZ-12366)
    
    Actually, I introduced a path error then; the value is not
    value="/common/js/node_modules/node_modules/dompurify/dist/purify.min.js"
    but
    value="/common/js/node_modules/dompurify/dist/purify.min.js"
    
    This fixes it
---
 themes/common-theme/widget/CommonScreens.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/themes/common-theme/widget/CommonScreens.xml b/themes/common-theme/widget/CommonScreens.xml
index 61ddbe5f1c..221ab177fd 100644
--- a/themes/common-theme/widget/CommonScreens.xml
+++ b/themes/common-theme/widget/CommonScreens.xml
@@ -351,7 +351,7 @@ under the License.
                         <set field="layoutSettings.javaScripts[+0]" value="/common/js/node_modules/jquery.browser/dist/jquery.browser.min.js" global="true"/>
                         <set field="layoutSettings.javaScripts[+0]" value="/common/js/node_modules/jquery-migrate/dist/jquery-migrate.min.js" global="true"/>
                         <set field="layoutSettings.javaScripts[+0]" value="/common/js/node_modules/jquery/dist/jquery.min.js" global="true"/>
-                        <set field="layoutSettings.javaScripts[+0]" value="/common/js/node_modules/node_modules/dompurify/dist/purify.min.js" global="true"/>
+                        <set field="layoutSettings.javaScripts[+0]" value="/common/js/node_modules/dompurify/dist/purify.min.js" global="true"/>
                         <set field="layoutSettings.javaScripts[]" value="/common/js/util/OfbizUtil.js" global="true"/>
                     </actions>
                     <widgets>
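Review bot: The corrected `purify.min.js` path on the `[+0]` line is still a hand-typed literal repeated in two screens (here and in the hunk at line 457), which is probably how the doubled `node_modules` segment ended up in both places. A wrong script path only shows up as a 404 in the browser, so the sanitizer would presumably just be undefined at runtime. It is worth confirming that its callers (likely in OfbizUtil.js, not visible here) fail closed when `DOMPurify` is missing rather than inserting unsanitized markup. I would also add a comment above the line, e.g. `<!-- DOMPurify: must be loaded before OfbizUtil.js; keep this path in sync with the other screen in this file -->`. The enclosing `<actions>` block starts outside the hunk.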
@@ -457,7 +457,7 @@ under the License.
                 <set field="layoutSettings.javaScripts[+0]" value="/common/js/node_modules/jquery.browser/dist/jquery.browser.min.js" global="true"/>
                 <set field="layoutSettings.javaScripts[+0]" value="/common/js/node_modules/jquery-migrate/dist/jquery-migrate.min.js" global="true" />
                 <set field="layoutSettings.javaScripts[+0]" value="/common/js/node_modules/jquery/dist/jquery.min.js" global="true"/>
-                <set field="layoutSettings.javaScripts[+0]" value="/common/js/node_modules/node_modules/dompurify/dist/purify.min.js" global="true"/>
+                <set field="layoutSettings.javaScripts[+0]" value="/common/js/node_modules/dompurify/dist/purify.min.js" global="true"/>
                 <!-- jQuery CSSs -->
                 <set field="layoutSettings.styleSheets[+0]" value="/common/js/node_modules/jquery-ui-dist/jquery-ui.min.css" global="true"/>