XSS fix: serialize survey question default answer
For the XSS issues that we found, I am serializing the default answers now to make sure all appropriate characters are escaped.
This commit is contained in:
parent
c7006d91b2
commit
2cc84f8bdd
@ -554,7 +554,7 @@ function JobTemplatesEdit($scope, $rootScope, $compile, $location, $log, $routeP
|
|||||||
Alert, ProcessErrors, LoadBreadCrumbs, RelatedSearchInit, RelatedPaginateInit, ReturnToCaller, ClearScope, InventoryList,
|
Alert, ProcessErrors, LoadBreadCrumbs, RelatedSearchInit, RelatedPaginateInit, ReturnToCaller, ClearScope, InventoryList,
|
||||||
CredentialList, ProjectList, LookUpInit, GetBasePath, md5Setup, ParseTypeChange, JobStatusToolTip, FormatDate,
|
CredentialList, ProjectList, LookUpInit, GetBasePath, md5Setup, ParseTypeChange, JobStatusToolTip, FormatDate,
|
||||||
Wait, Stream, Empty, Prompt, ParseVariableString, ToJSON, SchedulesControllerInit, JobsControllerInit, JobsListUpdate,
|
Wait, Stream, Empty, Prompt, ParseVariableString, ToJSON, SchedulesControllerInit, JobsControllerInit, JobsListUpdate,
|
||||||
GetChoices, SchedulesListInit, SchedulesList, CallbackHelpInit, PlaybookRun, SurveyControllerInit){
|
GetChoices, SchedulesListInit, SchedulesList, CallbackHelpInit, PlaybookRun, SurveyControllerInit, $sce){
|
||||||
|
|
||||||
ClearScope();
|
ClearScope();
|
||||||
|
|
||||||
@ -593,7 +593,8 @@ function JobTemplatesEdit($scope, $rootScope, $compile, $location, $log, $routeP
|
|||||||
SurveyControllerInit({
|
SurveyControllerInit({
|
||||||
scope: $scope,
|
scope: $scope,
|
||||||
parent_scope: $scope,
|
parent_scope: $scope,
|
||||||
id: id
|
id: id,
|
||||||
|
sce: $sce
|
||||||
});
|
});
|
||||||
|
|
||||||
callback = function() {
|
callback = function() {
|
||||||
@ -1061,5 +1062,5 @@ JobTemplatesEdit.$inject = ['$scope', '$rootScope', '$compile', '$location', '$l
|
|||||||
'ReturnToCaller', 'ClearScope', 'InventoryList', 'CredentialList', 'ProjectList', 'LookUpInit',
|
'ReturnToCaller', 'ClearScope', 'InventoryList', 'CredentialList', 'ProjectList', 'LookUpInit',
|
||||||
'GetBasePath', 'md5Setup', 'ParseTypeChange', 'JobStatusToolTip', 'FormatDate', 'Wait', 'Stream', 'Empty', 'Prompt',
|
'GetBasePath', 'md5Setup', 'ParseTypeChange', 'JobStatusToolTip', 'FormatDate', 'Wait', 'Stream', 'Empty', 'Prompt',
|
||||||
'ParseVariableString', 'ToJSON', 'SchedulesControllerInit', 'JobsControllerInit', 'JobsListUpdate', 'GetChoices',
|
'ParseVariableString', 'ToJSON', 'SchedulesControllerInit', 'JobsControllerInit', 'JobsListUpdate', 'GetChoices',
|
||||||
'SchedulesListInit', 'SchedulesList', 'CallbackHelpInit', 'PlaybookRun' , 'SurveyControllerInit'
|
'SchedulesListInit', 'SchedulesList', 'CallbackHelpInit', 'PlaybookRun' , 'SurveyControllerInit', '$sce'
|
||||||
];
|
];
|
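Review bot: The new `sce: $sce` entry in the `@ -593,7 +593,8` hunk is the only way `SurveyControllerInit` receives `$sce`, so any other caller of `SurveyControllerInit` that is not updated in this commit leaves `scope.sce` undefined and `scope.serialize` in SurveyHelper would throw a TypeError the first time a survey preview is built; whether such callers exist cannot be seen from this page. Injecting `$sce` directly inside the SurveyHelper factory would remove the dependency on every caller remembering to pass it. If the threading is kept, a comment on the new line, `sce: $sce // required by scope.serialize in SurveyHelper`, would record why the controller takes on the `$sce` dependency added to its parameter list and `$inject` array in the `@ -554` and `@ -1061` hunks.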
@ -13,7 +13,7 @@
|
|||||||
|
|
||||||
'use strict';
|
'use strict';
|
||||||
|
|
||||||
angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper', 'SearchHelper', 'PaginationHelpers', 'ListGenerator', 'ModalDialog',
|
angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper', 'SearchHelper', 'PaginationHelpers', 'ListGenerator', 'ModalDialog' ,
|
||||||
'GeneratorHelpers'])
|
'GeneratorHelpers'])
|
||||||
|
|
||||||
.factory('ShowSurveyModal', ['Wait', 'CreateDialog', 'Empty', '$compile' ,
|
.factory('ShowSurveyModal', ['Wait', 'CreateDialog', 'Empty', '$compile' ,
|
||||||
@ -288,6 +288,7 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
|
|||||||
defaultValue = (question.default) ? question.default : "";
|
defaultValue = (question.default) ? question.default : "";
|
||||||
defaultValue = defaultValue.replace(/</g, "<");
|
defaultValue = defaultValue.replace(/</g, "<");
|
||||||
defaultValue = defaultValue.replace(/>/g, ">");
|
defaultValue = defaultValue.replace(/>/g, ">");
|
||||||
|
defaultValue = scope.serialize(defaultValue);
|
||||||
html+='<div class="row">'+
|
html+='<div class="row">'+
|
||||||
'<div class="col-xs-8">'+
|
'<div class="col-xs-8">'+
|
||||||
'<input type="text" placeholder="'+defaultValue+'" class="form-control ng-pristine ng-invalid-required ng-invalid final" required="" readonly>'+
|
'<input type="text" placeholder="'+defaultValue+'" class="form-control ng-pristine ng-invalid-required ng-invalid final" required="" readonly>'+
|
||||||
@ -297,6 +298,7 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
|
|||||||
defaultValue = (question.default) ? question.default : (question.default_textarea) ? question.default_textarea: "" ;
|
defaultValue = (question.default) ? question.default : (question.default_textarea) ? question.default_textarea: "" ;
|
||||||
defaultValue = defaultValue.replace(/</g, "<");
|
defaultValue = defaultValue.replace(/</g, "<");
|
||||||
defaultValue = defaultValue.replace(/>/g, ">");
|
defaultValue = defaultValue.replace(/>/g, ">");
|
||||||
|
defaultValue = scope.serialize(defaultValue);
|
||||||
html+='<div class="row">'+
|
html+='<div class="row">'+
|
||||||
'<div class="col-xs-8 input_area">'+
|
'<div class="col-xs-8 input_area">'+
|
||||||
'<textarea class="form-control ng-pristine ng-invalid-required ng-invalid final" required="" rows="3" readonly>'+defaultValue+'</textarea>'+
|
'<textarea class="form-control ng-pristine ng-invalid-required ng-invalid final" required="" rows="3" readonly>'+defaultValue+'</textarea>'+
|
||||||
@ -311,6 +313,7 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
|
|||||||
checked = (!Empty(question.default) && question.default.indexOf(choices[i])!==-1) ? "checked" : "";
|
checked = (!Empty(question.default) && question.default.indexOf(choices[i])!==-1) ? "checked" : "";
|
||||||
choices[i] = choices[i] .replace(/</g, "<");
|
choices[i] = choices[i] .replace(/</g, "<");
|
||||||
choices[i] = choices[i] .replace(/>/g, ">");
|
choices[i] = choices[i] .replace(/>/g, ">");
|
||||||
|
choices[i] = scope.serialize(choices[i]);
|
||||||
html+= '<input type="'+element+'" class="mc" ng-required="!'+question.variable+'" name="'+question.variable+ ' " id="'+question.variable+'" value=" '+choices[i]+' " '+checked+' disabled>' +
|
html+= '<input type="'+element+'" class="mc" ng-required="!'+question.variable+'" name="'+question.variable+ ' " id="'+question.variable+'" value=" '+choices[i]+' " '+checked+' disabled>' +
|
||||||
'<span>'+choices[i] +'</span><br>' ;
|
'<span>'+choices[i] +'</span><br>' ;
|
||||||
}
|
}
|
||||||
@ -462,8 +465,9 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
|
|||||||
id = params.id,
|
id = params.id,
|
||||||
i, url, html, element,
|
i, url, html, element,
|
||||||
questions = [],
|
questions = [],
|
||||||
form = SurveyQuestionForm;
|
form = SurveyQuestionForm,
|
||||||
|
sce = params.sce;
|
||||||
|
scope.sce = sce;
|
||||||
scope.survey_questions = [];
|
scope.survey_questions = [];
|
||||||
scope.answer_types=[
|
scope.answer_types=[
|
||||||
{name: 'Text' , type: 'text'},
|
{name: 'Text' , type: 'text'},
|
||||||
@ -474,6 +478,10 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
|
|||||||
{name: 'Float', type: 'float'}
|
{name: 'Float', type: 'float'}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
scope.serialize = function(expression){
|
||||||
|
return scope.sce.getTrustedHtml(expression);
|
||||||
|
};
|
||||||
|
|
||||||
scope.deleteSurvey = function() {
|
scope.deleteSurvey = function() {
|
||||||
DeleteSurvey({
|
DeleteSurvey({
|
||||||
scope: scope,
|
scope: scope,
|
||||||
|
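Review bot: `scope.serialize` in the `@ -474,6 +478,10` hunk wraps `$sce.getTrustedHtml`, which is not an escaping function: given a plain string it delegates to `$sanitize` when ngSanitize is loaded and otherwise throws (`$sce:unsafe`), so what comes back is HTML-context sanitized markup, not the attribute-safe text the callers in the `@ -288`, `@ -297` and `@ -311` hunks need when they concatenate the value into `placeholder="…"`, `value=" … "` and a `<textarea>` body. Because `<` and `>` are already replaced on the preceding lines, whether a `"` or `&` in `question.default` can terminate the attribute is decided entirely by ngSanitize's entity encoding and version, not by this call. An explicit escaper is the robust form and also deserves a truer name than `serialize`, e.g. `return String(expression).replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/</g, '&lt;').replace(/>/g, '&gt;');`, with `&` handled first so earlier replacements are not double-encoded. `scope.sce = sce` in the `@ -462` hunk also exposes the whole `$sce` service on the scope, where template expressions could reach `trustAs*`; keeping `$sce` in the factory's closure avoids that. On the input line of the `@ -311` hunk, `question.variable` is still interpolated into `ng-required`, `name` and `id` with no escaping at all, and if it is user-supplied like `question.default` it needs the same treatment.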
@ -117,11 +117,7 @@ angular.module('AWDirectives', ['RestServices', 'Utilities', 'AuthService', 'Job
|
|||||||
};
|
};
|
||||||
})
|
})
|
||||||
|
|
||||||
// caplitalize Add to any input field where the first letter of each
|
|
||||||
// word should be capitalized. Use in place of css test-transform.
|
|
||||||
// For some reason "text-transform: capitalize" in breadcrumbs
|
|
||||||
// causes a break at each blank space. And of course,
|
|
||||||
// "autocapitalize='word'" only works in iOS. Use this as a fix.
|
|
||||||
.directive('awSurveyQuestion', function() {
|
.directive('awSurveyQuestion', function() {
|
||||||
return {
|
return {
|
||||||
require: 'ngModel',
|
require: 'ngModel',
|
||||||
|