Posted to commits@ranger.apache.org by pr...@apache.org on 2019/06/27 08:49:33 UTC
[ranger] branch master updated: RANGER-2487-Resource policy names
with a characters that are typically HTML escaped mutate and grow as they
are saved.
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 74b9bf6 RANGER-2487-Resource policy names with a characters that are typically HTML escaped mutate and grow as they are saved.
74b9bf6 is described below
commit 74b9bf6fe6ae923130635971e374efa0fa0f05b1
Author: Nitin Galave <ni...@apache.org>
AuthorDate: Wed Jun 26 19:22:47 2019 +0530
RANGER-2487-Resource policy names with a characters that are typically HTML escaped mutate and grow as they are saved.
Signed-off-by: Pradeep <pr...@apache.org>
---
security-admin/src/main/webapp/scripts/models/RangerPolicy.js | 3 ++-
.../src/main/webapp/scripts/modules/globalize/message/en.js | 1 +
security-admin/src/main/webapp/scripts/utils/XAUtils.js | 11 ++++++++++-
.../main/webapp/scripts/views/policies/RangerPolicyForm.js | 6 +++++-
4 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/security-admin/src/main/webapp/scripts/models/RangerPolicy.js b/security-admin/src/main/webapp/scripts/models/RangerPolicy.js
index 30e36ac..cd873b3 100644
--- a/security-admin/src/main/webapp/scripts/models/RangerPolicy.js
+++ b/security-admin/src/main/webapp/scripts/models/RangerPolicy.js
@@ -55,10 +55,11 @@ define(function(require){
// Overwrite your schema definition here
return _.extend(attrs,{
name : {
- type : 'Text',
+ type : 'TextFieldWithIcon',
title : 'Policy Name *',
validators : ['required'],
editorAttrs :{ maxlength: 255},
+ errorMsg : localization.tt("validationMessages.policyNameValidationMsg")
},
description : {
type : 'TextArea',
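Review bot: The new `errorMsg` tells users to avoid certain characters in the policy name, but `validators` on `name` is still `['required']`, so nothing visible in this hunk rejects those characters. Whether the `TextFieldWithIcon` editor enforces anything cannot be seen here; it may only display the text. If the message is meant to be advisory, a comment above it such as `// advisory only: these characters are not rejected by validation` would stop readers assuming enforcement. If it is meant to be a rule, it needs a matching validator here and the same check on the server, since a browser-side form check does not apply to direct API callers. The enclosing schema function starts and ends outside the hunk.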
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index 8d921f7..44d7dc7 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -508,6 +508,7 @@ define(function(require) {
emailAddressValidationMsg :'1. Email address should be start with alphabet / numeric / underscore / non-us characters.<br> 2. Allowed special character <b>.-@</b> .<br>3. Email address length should be greater than 9 characters.<br> 4. Email address examples : abc@de.fg, A-C@D-.FG',
nameValidationMsg :'Name should not start with space, it should be less than 256 characters and special characters are not allowed(except _ - and space).',
roleNameValidationMsg :'1. Role name should be start with alphabet / numeric / underscore / non-us characters.<br> 2. Allowed special character ,._\-+/@= and space. <br>3. Name length should be greater than one.',
+ policyNameValidationMsg :'Please avoid these characters (&, <, >, \', ", `) for policy name.',
},
serverMsg : {
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index 79f397e..22cdc83 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -1700,7 +1700,16 @@ define(function(require) {
}
}
- }
+ }
+
+ //string contain escape character or not
+ XAUtils.checkForEscapeCharacter = function(policyName){
+ var escapeCharacter = ["&", "<", ">", """, "`", "'"];
+ return _.some(escapeCharacter, function(m){
+ return policyName.includes(m);
+ });
+ }
+
return XAUtils;
});
\ No newline at end of file
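Review bot: `policyName.includes(m)` throws a TypeError when `policyName` is undefined or not a string, and `String.prototype.includes` is missing in older browsers that an admin UI may still have to serve. A guarded, Underscore-only form avoids both: `return _.isString(policyName) && _.some(escapeCharacter, function(m){ return policyName.indexOf(m) !== -1; });`. As rendered on this page the fourth array element reads `"""`, which would not parse; that looks like an artifact of the archive's rendering rather than the committed text, but it is worth confirming in the repository which strings the list really holds (raw characters or their HTML entities), because the caller's unescape decision depends on it. The one-line comment above the function should also say which of the two it checks for.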
diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
index b82654e..a862dde 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
@@ -584,7 +584,11 @@ define(function(require){
this.model.set('denyExceptions', this.setPermissionsToColl(this.formInputDenyExceptionList, new RangerPolicyItem()));
}
this.model.set('service',this.rangerService.get('name'));
- this.model.set('name', _.escape(this.model.get('name')));
+ var policyName = this.model.get('name');
+ if(this.model.has('id') && XAUtil.checkForEscapeCharacter(policyName)){
+ policyName = _.unescape(policyName);
+ }
+ this.model.set('name', _.escape(policyName));
if(this.model.has('policyPriority')){
this.model.set('policyPriority', this.model.get('policyPriority') ? 1 : 0);
}
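Review bot: On the edit path the name is passed through `_.unescape` once and then `_.escape`, which stops further growth but makes literal and already-encoded text indistinguishable. A name that was double-encoded by earlier saves is only reduced by one layer and stays mangled, and a name in which a user deliberately typed an entity string is silently decoded. The underlying cause is that the value is HTML-escaped before storage instead of at render time. Because this runs in the browser it should not be treated as the XSS control; the server-side handling is not visible here and needs to encode on output regardless of what the client sent. If the storage format has to stay, a comment on the new block such as `// name is stored HTML-escaped; decode one layer on edit so _.escape below does not double-encode` would record the assumption. The enclosing function starts and ends outside the hunk.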