Posted to commits@ranger.apache.org by ve...@apache.org on 2015/03/03 21:02:24 UTC
incubator-ranger git commit: RANGER-284 : Escape HTML before
displaying to prevent XSS
Repository: incubator-ranger
Updated Branches:
refs/heads/master 3df7c45d7 -> abea4ca39
RANGER-284 : Escape HTML before displaying to prevent XSS
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/abea4ca3
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/abea4ca3
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/abea4ca3
Branch: refs/heads/master
Commit: abea4ca39b52c4c5c8af2302f45011e8de828f51
Parents: 3df7c45
Author: Gautam Borad <gb...@gmail.com>
Authored: Tue Mar 3 16:43:41 2015 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Tue Mar 3 14:57:37 2015 -0500
----------------------------------------------------------------------
.../src/main/webapp/scripts/views/reports/AuditLayout.js | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/abea4ca3/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
index ac3ab7d..23dfdf7 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
@@ -1140,10 +1140,7 @@ define(function(require) {
formatter: _.extend({}, Backgrid.CellFormatter.prototype, {
fromRaw: function (rawValue,model) {
return _.isUndefined(rawValue) ? '--':
- /*'<div data-id="'+model.id+'" data-container="body" data-toggle="popover" data-placement="right" data-content="'+rawValue+'" style="cursor:pointer;">\
- '+rawValue+'</div>';*/
- '<span title="'+rawValue
- +'" class="showMore">'+rawValue+'</span>';
+ '<span title="'+XAUtils.escapeHtmlChar(rawValue) +'" class="showMore">'+XAUtils.escapeHtmlChar(rawValue)+'</span>';
}
})
},
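Review bot: The escaped value is interpolated into a double-quoted `title` attribute in `fromRaw`, so the fix only holds if `XAUtils.escapeHtmlChar` encodes `"` (and ideally `'`) as well as `<`, `>` and `&`. The helper's body is not in this hunk, so that should be confirmed, for example with a test using a quote-bearing value. The guard is `_.isUndefined(rawValue)`, so a `null` or non-string value still reaches the helper, and it is worth checking how it handles those. The helper is also called twice on the same input; `var safe = XAUtils.escapeHtmlChar(rawValue);` followed by `return _.isUndefined(rawValue) ? '--' : '<span title="'+safe+'" class="showMore">'+safe+'</span>';` would make it obvious that both sinks receive the same encoded string. The enclosing column definition starts and ends outside the hunk.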
@@ -1325,4 +1322,4 @@ define(function(require) {
});
return AuditLayout;
-});
\ No newline at end of file
+});