diff --git a/www/manager/data/PVEProxy.js b/www/manager/data/PVEProxy.js index 219a620c6..79b738cbf 100644 --- a/www/manager/data/PVEProxy.js +++ b/www/manager/data/PVEProxy.js @@ -51,7 +51,7 @@ Ext.define('PVE.RestProxy', { text += " (+ " + info.tfa + ")"; } - return text; + return Ext.String.htmlEncode(text); } } ], diff --git a/www/manager/dc/AuthView.js b/www/manager/dc/AuthView.js index 83e79c659..dbcc260ae 100644 --- a/www/manager/dc/AuthView.js +++ b/www/manager/dc/AuthView.js @@ -131,6 +131,7 @@ Ext.define('PVE.dc.AuthView', { id: 'comment', header: gettext('Comment'), sortable: false, + renderer: Ext.String.htmlEncode, dataIndex: 'comment', flex: 1 } diff --git a/www/manager/dc/GroupView.js b/www/manager/dc/GroupView.js index 6950a46a3..0864b7a96 100644 --- a/www/manager/dc/GroupView.js +++ b/www/manager/dc/GroupView.js @@ -96,6 +96,7 @@ Ext.define('PVE.dc.GroupView', { header: gettext('Comment'), sortable: false, dataIndex: 'comment', + renderer: Ext.String.htmlEncode, flex: 1 } ], diff --git a/www/manager/dc/PoolView.js b/www/manager/dc/PoolView.js index 4ae99e238..0d552ecdc 100644 --- a/www/manager/dc/PoolView.js +++ b/www/manager/dc/PoolView.js @@ -96,6 +96,7 @@ Ext.define('PVE.dc.PoolView', { header: gettext('Comment'), sortable: false, dataIndex: 'comment', + renderer: Ext.String.htmlEncode, flex: 1 } ], diff --git a/www/manager/dc/SecurityGroups.js b/www/manager/dc/SecurityGroups.js index 0e312958b..d8562e749 100644 --- a/www/manager/dc/SecurityGroups.js +++ b/www/manager/dc/SecurityGroups.js @@ -167,7 +167,7 @@ Ext.define('PVE.SecurityGroupList', { selModel: sm, columns: [ { header: gettext('Group'), dataIndex: 'group', width: 100 }, - { header: gettext('Comment'), dataIndex: 'comment', flex: 1 } + { header: gettext('Comment'), dataIndex: 'comment', renderer: Ext.String.htmlEncode, flex: 1 } ], listeners: { itemdblclick: run_editor, diff --git a/www/manager/dc/UserView.js b/www/manager/dc/UserView.js index c4f8a8b01..3f1fe648b 100644 
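Review bot: In `www/manager/data/PVEProxy.js` the encoding is applied to the value this function returns, and the file path plus the closing `} } ],` suggest a field converter on a data model rather than a grid renderer (the function head is outside the hunk, so this is inferred). If so, the stored field value itself now carries HTML entities: a consumer that puts it in a plain-text context, such as an input's value, would show `&amp;` literally, and one that encodes again at render time would double-encode. Encoding at the point of output, as the column hunks in this commit do, keeps the model data raw and avoids both. If the converter is kept, a comment such as `// returns HTML-encoded text: do not encode again, do not use as a raw value` would tell consumers what they get.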
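Review bot: In `www/manager/dc/SecurityGroups.js` only the `comment` column gets `renderer: Ext.String.htmlEncode`; the `group` column on the line above still has no renderer, and the same holds for `name` and `cidr` in `grid/FirewallAliases.js` and for `name` in `panel/IPSet.js`. Those values are presumably limited to a safe character set by server-side validation, but that is not visible here, and the grid then depends on every API path enforcing it. Adding the same renderer to these columns costs nothing, e.g. `{ header: gettext('Group'), dataIndex: 'group', renderer: Ext.String.htmlEncode, width: 100 }`. More generally, the escaping is opt-in per column across all the column hunks of this commit, so a column added later is unencoded unless its author remembers. A shared column definition that encodes by default would invert that.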
--- a/www/manager/dc/UserView.js +++ b/www/manager/dc/UserView.js @@ -221,6 +221,7 @@ Ext.define('PVE.dc.UserView', { header: gettext('Comment'), sortable: false, dataIndex: 'comment', + renderer: Ext.String.htmlEncode, flex: 1 } ], diff --git a/www/manager/form/GroupSelector.js b/www/manager/form/GroupSelector.js index f4e4b633c..663aa0de4 100644 --- a/www/manager/form/GroupSelector.js +++ b/www/manager/form/GroupSelector.js @@ -29,6 +29,7 @@ Ext.define('PVE.form.GroupSelector', { header: gettext('Comment'), sortable: false, dataIndex: 'comment', + renderer: Ext.String.htmlEncode, flex: 1 } ] diff --git a/www/manager/form/IPRefSelector.js b/www/manager/form/IPRefSelector.js index a017e15d8..5222604e3 100644 --- a/www/manager/form/IPRefSelector.js +++ b/www/manager/form/IPRefSelector.js @@ -64,6 +64,7 @@ Ext.define('PVE.form.IPRefSelector', { { header: gettext('Comment'), dataIndex: 'comment', + renderer: Ext.String.htmlEncode, flex: 1 } ]); diff --git a/www/manager/form/PoolSelector.js b/www/manager/form/PoolSelector.js index a607589ed..b509ac4a3 100644 --- a/www/manager/form/PoolSelector.js +++ b/www/manager/form/PoolSelector.js @@ -29,6 +29,7 @@ Ext.define('PVE.form.PoolSelector', { header: gettext('Comment'), sortable: false, dataIndex: 'comment', + renderer: Ext.String.htmlEncode, flex: 1 } ] diff --git a/www/manager/form/SecurityGroupSelector.js b/www/manager/form/SecurityGroupSelector.js index 37e6bac49..1515dfd0e 100644 --- a/www/manager/form/SecurityGroupSelector.js +++ b/www/manager/form/SecurityGroupSelector.js @@ -34,6 +34,7 @@ Ext.define('PVE.form.SecurityGroupsSelector', { { header: gettext('Comment'), dataIndex: 'comment', + renderer: Ext.String.htmlEncode, flex: 1 } ] diff --git a/www/manager/form/UserSelector.js b/www/manager/form/UserSelector.js index 3ba4d1b3e..1c28d37c9 100644 --- a/www/manager/form/UserSelector.js +++ b/www/manager/form/UserSelector.js 
@@ -42,6 +42,7 @@ Ext.define('PVE.form.UserSelector', { header: gettext('Comment'), sortable: false, dataIndex: 'comment', + renderer: Ext.String.htmlEncode, flex: 1 } ] diff --git a/www/manager/grid/FirewallAliases.js b/www/manager/grid/FirewallAliases.js index 353b97c1e..2f38393f6 100644 --- a/www/manager/grid/FirewallAliases.js +++ b/www/manager/grid/FirewallAliases.js @@ -171,7 +171,7 @@ Ext.define('PVE.FirewallAliases', { columns: [ { header: gettext('Name'), dataIndex: 'name', width: 100 }, { header: gettext('IP/CIDR'), dataIndex: 'cidr', width: 100 }, - { header: gettext('Comment'), dataIndex: 'comment', flex: 1 } + { header: gettext('Comment'), dataIndex: 'comment', renderer: Ext.String.htmlEncode, flex: 1 } ], listeners: { itemdblclick: run_editor diff --git a/www/manager/grid/FirewallRules.js b/www/manager/grid/FirewallRules.js index ae536379d..adc1e34aa 100644 --- a/www/manager/grid/FirewallRules.js +++ b/www/manager/grid/FirewallRules.js @@ -36,6 +36,7 @@ Ext.define('PVE.form.FWMacroSelector', { { header: gettext('Description'), flex: 1, + renderer: Ext.String.htmlEncode, dataIndex: 'descr' } ] diff --git a/www/manager/node/APT.js b/www/manager/node/APT.js index aabd341de..4a72520ac 100644 --- a/www/manager/node/APT.js +++ b/www/manager/node/APT.js @@ -37,7 +37,7 @@ Ext.define('PVE.node.APT', { var colspan = headerCt.getColumnCount(); // Usually you would style the my-body-class in CSS file return { - rowBody: '
' + data.Description + '
', + rowBody: '
' + Ext.String.htmlEncode(data.Description) + '
', rowBodyColspan: colspan }; } diff --git a/www/manager/node/ServiceView.js b/www/manager/node/ServiceView.js index e091a5b8e..7a20073dd 100644 --- a/www/manager/node/ServiceView.js +++ b/www/manager/node/ServiceView.js @@ -129,6 +129,7 @@ Ext.define('PVE.node.ServiceView', { { header: gettext('Description'), dataIndex: 'desc', + renderer: Ext.String.htmlEncode, flex: 1 } ], diff --git a/www/manager/panel/IPSet.js b/www/manager/panel/IPSet.js index 2aae7dfaa..821f467fa 100644 --- a/www/manager/panel/IPSet.js +++ b/www/manager/panel/IPSet.js @@ -148,7 +148,7 @@ Ext.define('PVE.IPSetList', { selModel: sm, columns: [ { header: 'IPSet', dataIndex: 'name', width: 100 }, - { header: gettext('Comment'), dataIndex: 'comment', flex: 1 } + { header: gettext('Comment'), dataIndex: 'comment', renderer: Ext.String.htmlEncode, flex: 1 } ], listeners: { itemdblclick: run_editor, diff --git a/www/manager/pool/StatusView.js b/www/manager/pool/StatusView.js index 8049364e1..a376e0959 100644 --- a/www/manager/pool/StatusView.js +++ b/www/manager/pool/StatusView.js @@ -13,6 +13,7 @@ Ext.define('PVE.pool.StatusView', { var rows = { comment: { header: gettext('Comment'), + renderer: Ext.String.htmlEncode, required: true } }; diff --git a/www/manager/qemu/Options.js b/www/manager/qemu/Options.js index ecab490f5..b3e006cac 100644 --- a/www/manager/qemu/Options.js +++ b/www/manager/qemu/Options.js @@ -253,6 +253,7 @@ Ext.define('PVE.qemu.Options', { smbios1: { header: gettext('SMBIOS settings (type1)'), defaultValue: '', + renderer: Ext.String.htmlEncode, editor: caps.vms['VM.Config.HWType'] ? 'PVE.qemu.Smbios1Edit' : undefined } }; diff --git a/www/manager/qemu/SnapshotTree.js b/www/manager/qemu/SnapshotTree.js index 6f377a2cf..6efa944be 100644 --- a/www/manager/qemu/SnapshotTree.js +++ b/www/manager/qemu/SnapshotTree.js 
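Review bot: In `www/manager/node/APT.js` the encoded description is concatenated straight into the `rowBody` string, so a record that has no `Description` still ends up as the literal text `undefined` in the row. Passing a default closes that: `Ext.String.htmlEncode(data.Description || '')`. The value presumably comes from package metadata rather than from a local administrator, so a short comment such as `// package metadata is untrusted: encode before building row HTML` would record why the call must stay when this string is next edited. The enclosing function starts and ends outside the hunk.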
@@ -279,7 +279,7 @@ Ext.define('PVE.qemu.SnapshotTree', { if (record.data.name === 'current') { return gettext("You are here!"); } else { - return value; + return Ext.String.htmlEncode(value); } } } diff --git a/www/manager/storage/ContentView.js b/www/manager/storage/ContentView.js index 1a715e3b2..6648572e3 100644 --- a/www/manager/storage/ContentView.js +++ b/www/manager/storage/ContentView.js @@ -59,6 +59,7 @@ Ext.define('PVE.grid.TemplateSelector', { { header: gettext('Description'), flex: 1.5, + renderer: Ext.String.htmlEncode, dataIndex: 'headline' } ],