
XSS fix: serialize survey question default answer

For the XSS issues that we found, I am serializing the default answers now to make sure all appropriate characters are escaped.
This commit is contained in:
Jared Tabor 2015-01-29 11:20:59 -05:00
parent c7006d91b2
commit 2cc84f8bdd
3 changed files with 16 additions and 11 deletions


@ -554,7 +554,7 @@ function JobTemplatesEdit($scope, $rootScope, $compile, $location, $log, $routeP
Alert, ProcessErrors, LoadBreadCrumbs, RelatedSearchInit, RelatedPaginateInit, ReturnToCaller, ClearScope, InventoryList, Alert, ProcessErrors, LoadBreadCrumbs, RelatedSearchInit, RelatedPaginateInit, ReturnToCaller, ClearScope, InventoryList,
CredentialList, ProjectList, LookUpInit, GetBasePath, md5Setup, ParseTypeChange, JobStatusToolTip, FormatDate, CredentialList, ProjectList, LookUpInit, GetBasePath, md5Setup, ParseTypeChange, JobStatusToolTip, FormatDate,
Wait, Stream, Empty, Prompt, ParseVariableString, ToJSON, SchedulesControllerInit, JobsControllerInit, JobsListUpdate, Wait, Stream, Empty, Prompt, ParseVariableString, ToJSON, SchedulesControllerInit, JobsControllerInit, JobsListUpdate,
GetChoices, SchedulesListInit, SchedulesList, CallbackHelpInit, PlaybookRun, SurveyControllerInit){ GetChoices, SchedulesListInit, SchedulesList, CallbackHelpInit, PlaybookRun, SurveyControllerInit, $sce){
ClearScope(); ClearScope();
@ -593,7 +593,8 @@ function JobTemplatesEdit($scope, $rootScope, $compile, $location, $log, $routeP
SurveyControllerInit({ SurveyControllerInit({
scope: $scope, scope: $scope,
parent_scope: $scope, parent_scope: $scope,
id: id id: id,
sce: $sce
}); });
callback = function() { callback = function() {
@ -1061,5 +1062,5 @@ JobTemplatesEdit.$inject = ['$scope', '$rootScope', '$compile', '$location', '$l
'ReturnToCaller', 'ClearScope', 'InventoryList', 'CredentialList', 'ProjectList', 'LookUpInit', 'ReturnToCaller', 'ClearScope', 'InventoryList', 'CredentialList', 'ProjectList', 'LookUpInit',
'GetBasePath', 'md5Setup', 'ParseTypeChange', 'JobStatusToolTip', 'FormatDate', 'Wait', 'Stream', 'Empty', 'Prompt', 'GetBasePath', 'md5Setup', 'ParseTypeChange', 'JobStatusToolTip', 'FormatDate', 'Wait', 'Stream', 'Empty', 'Prompt',
'ParseVariableString', 'ToJSON', 'SchedulesControllerInit', 'JobsControllerInit', 'JobsListUpdate', 'GetChoices', 'ParseVariableString', 'ToJSON', 'SchedulesControllerInit', 'JobsControllerInit', 'JobsListUpdate', 'GetChoices',
'SchedulesListInit', 'SchedulesList', 'CallbackHelpInit', 'PlaybookRun' , 'SurveyControllerInit' 'SchedulesListInit', 'SchedulesList', 'CallbackHelpInit', 'PlaybookRun' , 'SurveyControllerInit', '$sce'
]; ];
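Review bot: Threading `$sce` through the controller signature, the `SurveyControllerInit({...})` params object and the `$inject` list is more plumbing than the consumer needs: the only use of it on this commit is `scope.serialize` inside SurveyHelper, and that code lives in an Angular factory of its own which can list `$sce` in its own dependency array, the way `ShowSurveyModal` in the same module injects `$compile`. As written, any other caller of `SurveyControllerInit` that is not updated to pass `sce` leaves `scope.sce` undefined, and the survey modal then throws a TypeError the first time it renders a default value rather than failing at initialisation. If the parameter is kept, it should at least be validated where it is read: `if (!params.sce) { throw new Error('SurveyControllerInit: params.sce is required'); }`. `JobTemplatesEdit` itself begins and ends outside these hunks.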


@ -13,7 +13,7 @@
'use strict'; 'use strict';
angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper', 'SearchHelper', 'PaginationHelpers', 'ListGenerator', 'ModalDialog', angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper', 'SearchHelper', 'PaginationHelpers', 'ListGenerator', 'ModalDialog' ,
'GeneratorHelpers']) 'GeneratorHelpers'])
.factory('ShowSurveyModal', ['Wait', 'CreateDialog', 'Empty', '$compile' , .factory('ShowSurveyModal', ['Wait', 'CreateDialog', 'Empty', '$compile' ,
@ -288,6 +288,7 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
defaultValue = (question.default) ? question.default : ""; defaultValue = (question.default) ? question.default : "";
defaultValue = defaultValue.replace(/</g, "&lt;"); defaultValue = defaultValue.replace(/</g, "&lt;");
defaultValue = defaultValue.replace(/>/g, "&gt;"); defaultValue = defaultValue.replace(/>/g, "&gt;");
defaultValue = scope.serialize(defaultValue);
html+='<div class="row">'+ html+='<div class="row">'+
'<div class="col-xs-8">'+ '<div class="col-xs-8">'+
'<input type="text" placeholder="'+defaultValue+'" class="form-control ng-pristine ng-invalid-required ng-invalid final" required="" readonly>'+ '<input type="text" placeholder="'+defaultValue+'" class="form-control ng-pristine ng-invalid-required ng-invalid final" required="" readonly>'+
@ -297,6 +298,7 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
defaultValue = (question.default) ? question.default : (question.default_textarea) ? question.default_textarea: "" ; defaultValue = (question.default) ? question.default : (question.default_textarea) ? question.default_textarea: "" ;
defaultValue = defaultValue.replace(/</g, "&lt;"); defaultValue = defaultValue.replace(/</g, "&lt;");
defaultValue = defaultValue.replace(/>/g, "&gt;"); defaultValue = defaultValue.replace(/>/g, "&gt;");
defaultValue = scope.serialize(defaultValue);
html+='<div class="row">'+ html+='<div class="row">'+
'<div class="col-xs-8 input_area">'+ '<div class="col-xs-8 input_area">'+
'<textarea class="form-control ng-pristine ng-invalid-required ng-invalid final" required="" rows="3" readonly>'+defaultValue+'</textarea>'+ '<textarea class="form-control ng-pristine ng-invalid-required ng-invalid final" required="" rows="3" readonly>'+defaultValue+'</textarea>'+
@ -311,6 +313,7 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
checked = (!Empty(question.default) && question.default.indexOf(choices[i])!==-1) ? "checked" : ""; checked = (!Empty(question.default) && question.default.indexOf(choices[i])!==-1) ? "checked" : "";
choices[i] = choices[i] .replace(/</g, "&lt;"); choices[i] = choices[i] .replace(/</g, "&lt;");
choices[i] = choices[i] .replace(/>/g, "&gt;"); choices[i] = choices[i] .replace(/>/g, "&gt;");
choices[i] = scope.serialize(choices[i]);
html+= '<input type="'+element+'" class="mc" ng-required="!'+question.variable+'" name="'+question.variable+ ' " id="'+question.variable+'" value=" '+choices[i]+' " '+checked+' disabled>' + html+= '<input type="'+element+'" class="mc" ng-required="!'+question.variable+'" name="'+question.variable+ ' " id="'+question.variable+'" value=" '+choices[i]+' " '+checked+' disabled>' +
'<span>'+choices[i] +'</span><br>' ; '<span>'+choices[i] +'</span><br>' ;
} }
@ -462,8 +465,9 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
id = params.id, id = params.id,
i, url, html, element, i, url, html, element,
questions = [], questions = [],
form = SurveyQuestionForm; form = SurveyQuestionForm,
sce = params.sce;
scope.sce = sce;
scope.survey_questions = []; scope.survey_questions = [];
scope.answer_types=[ scope.answer_types=[
{name: 'Text' , type: 'text'}, {name: 'Text' , type: 'text'},
@ -474,6 +478,10 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
{name: 'Float', type: 'float'} {name: 'Float', type: 'float'}
]; ];
scope.serialize = function(expression){
return scope.sce.getTrustedHtml(expression);
};
scope.deleteSurvey = function() { scope.deleteSurvey = function() {
DeleteSurvey({ DeleteSurvey({
scope: scope, scope: scope,
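Review bot: `scope.serialize` is not an escaper, so the `defaultValue = scope.serialize(defaultValue)` / `choices[i] = scope.serialize(choices[i])` lines in the three rendering hunks do not by themselves guarantee the commit's stated goal: `$sce.getTrustedHtml` returns a plain string only after handing it to `$sanitize` when ngSanitize is loaded, and throws `$sce:unsafe` when it is not, and 'ngSanitize' is not among the module dependencies visible here (it may be loaded elsewhere in the app). `$sanitize` also targets element content, whereas the value is concatenated into quoted attribute positions (`placeholder="..."`, `value=" ... "`), where `"` is the character that ends the attribute; relying on the sanitizer's entity encoding for that is indirect, and the hand-rolled `&lt;`/`&gt;` replacements still leave `&` and quotes to it. A self-contained escaper that encodes `&`, `<`, `>`, `"` and `'` is the unambiguous choice for both contexts, removes the runtime dependency on `scope.sce` (undefined when a caller does not pass `params.sce`), and lets the misleading name be fixed later; the enclosing `SurveyControllerInit` function starts and ends outside the hunk.
```javascript
scope.serialize = function(expression){
    // Escape for both element-content and quoted-attribute positions.
    return String(expression)
        .replace(/&/g, "&amp;")
        .replace(/</g, "&lt;")
        .replace(/>/g, "&gt;")
        .replace(/"/g, "&quot;")
        .replace(/'/g, "&#39;");
};
```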


@ -117,11 +117,7 @@ angular.module('AWDirectives', ['RestServices', 'Utilities', 'AuthService', 'Job
}; };
}) })
// caplitalize Add to any input field where the first letter of each
// word should be capitalized. Use in place of css test-transform.
// For some reason "text-transform: capitalize" in breadcrumbs
// causes a break at each blank space. And of course,
// "autocapitalize='word'" only works in iOS. Use this as a fix.
.directive('awSurveyQuestion', function() { .directive('awSurveyQuestion', function() {
return { return {
require: 'ngModel', require: 'ngModel',