shaba/awx
1
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2024-11-01 08:21:15 +03:00
Code Releases Activity

xss tooltip vulnerability fixes

Browse Source
This commit is contained in:
mabashian 2017-07-24 13:42:38 -04:00
parent 01316aebf7
commit 4e5090f28c
15 changed files with 52 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
awx/ui/client/src/access/add-rbac-user-team/rbac-selected-list.directive.js
View File

@ -7,10 +7,10 @@
/* jshint unused: vars */ /* jshint unused: vars */
export default ['$compile', 'i18n', 'generateList', export default ['$compile', 'i18n', 'generateList',
'ProjectList', 'TemplateList', 'InventoryList', 'CredentialList', 'ProjectList', 'TemplateList', 'InventoryList', 'CredentialList',
'OrganizationList', 'OrganizationList', '$window',
function($compile, i18n, generateList, function($compile, i18n, generateList,
ProjectList, TemplateList, InventoryList, CredentialList, ProjectList, TemplateList, InventoryList, CredentialList,
OrganizationList) { OrganizationList, $window) {
return { return {
restrict: 'E', restrict: 'E',
scope: { scope: {
@ -60,6 +60,7 @@ export default ['$compile', 'i18n', 'generateList',
name: list.fields.name name: list.fields.name
}; };
list.fields.name.columnClass = 'col-md-5 col-sm-5 col-xs-10'; list.fields.name.columnClass = 'col-md-5 col-sm-5 col-xs-10';
list.fields.name.ngClick = 'linkoutResource("job_template", job_template)';
break; break;
case 'workflow_templates': case 'workflow_templates':
list.name = 'workflow_job_templates'; list.name = 'workflow_job_templates';
@ -68,6 +69,7 @@ export default ['$compile', 'i18n', 'generateList',
name: list.fields.name name: list.fields.name
}; };
list.fields.name.columnClass = 'col-md-5 col-sm-5 col-xs-10'; list.fields.name.columnClass = 'col-md-5 col-sm-5 col-xs-10';
list.fields.name.ngClick = 'linkoutResource("workflow_job_template", workflow_job_template)';
break; break;
case 'credentials': case 'credentials':
case 'organizations': case 'organizations':
@ -126,6 +128,40 @@ export default ['$compile', 'i18n', 'generateList',
multiselect_scope[type][deselectedIdx].isSelected = false; multiselect_scope[type][deselectedIdx].isSelected = false;
}; };
scope.linkoutResource = function(type, resource) {
let url;
switch(type){
case 'project':
url = "/#/projects/" + resource.id;
break;
case 'inventory':
url = resource.kind && resource.kind === "smart" ? "/#/inventories/smart/" + resource.id : "/#/inventories/inventory/" + resource.id;
break;
case 'job_template':
url = "/#/templates/job_template/" + resource.id;
break;
case 'workflow_job_template':
url = "/#/templates/workflow_job_template/" + resource.id;
break;
case 'user':
url = "/#/users/" + resource.id;
break;
case 'team':
url = "/#/teams/" + resource.id;
break;
case 'organization':
url = "/#/organizations/" + resource.id;
break;
case 'credential':
url = "/#/credentials/" + resource.id;
break;
}
$window.open(url,'_blank');
};
element.append(list_html); element.append(list_html);
$compile(element.contents())(scope); $compile(element.contents())(scope);
} }

2
awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-list.directive.js
View File

@ -71,7 +71,6 @@ export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateL
}; };
list.fields.name.ngClick = 'linkoutResource("job_template", job_template)'; list.fields.name.ngClick = 'linkoutResource("job_template", job_template)';
list.fields.name.columnClass = 'col-md-6 col-sm-6 col-xs-11'; list.fields.name.columnClass = 'col-md-6 col-sm-6 col-xs-11';
list.fields.name.ngHref = '#/templates/job_template/{{job_template.id}}';
break; break;
case 'WorkflowTemplates': case 'WorkflowTemplates':
@ -83,7 +82,6 @@ export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateL
}; };
list.fields.name.ngClick = 'linkoutResource("workflow_job_template", workflow_template)'; list.fields.name.ngClick = 'linkoutResource("workflow_job_template", workflow_template)';
list.fields.name.columnClass = 'col-md-6 col-sm-6 col-xs-11'; list.fields.name.columnClass = 'col-md-6 col-sm-6 col-xs-11';
list.fields.name.ngHref = '#/templates/workflow_job_template/{{workflow_template.id}}';
break; break;
case 'Users': case 'Users':
list.fields = { list.fields = {

2
awx/ui/client/src/credential-types/credential-types.list.js
View File

@ -21,7 +21,7 @@ export default ['i18n', function(i18n){
label: i18n._('Name'), label: i18n._('Name'),
columnClass: 'col-md-3 col-sm-9 col-xs-9', columnClass: 'col-md-3 col-sm-9 col-xs-9',
modalColumnClass: 'col-md-8', modalColumnClass: 'col-md-8',
awToolTip: '{{credential_type.description}}', awToolTip: '{{credential_type.description | sanitize}}',
dataPlacement: 'top' dataPlacement: 'top'
}, },
kind: { kind: {

2
awx/ui/client/src/credentials/credentials.list.js
View File

@ -26,7 +26,7 @@ export default ['i18n', function(i18n) {
label: i18n._('Name'), label: i18n._('Name'),
columnClass: 'col-md-3 col-sm-9 col-xs-9', columnClass: 'col-md-3 col-sm-9 col-xs-9',
modalColumnClass: 'col-md-12', modalColumnClass: 'col-md-12',
awToolTip: '{{credential.description}}', awToolTip: '{{credential.description | sanitize}}',
dataPlacement: 'top' dataPlacement: 'top'
}, },
kind: { kind: {

2
awx/ui/client/src/inventories-hosts/inventories/inventory.list.js
View File

@ -47,7 +47,7 @@ export default ['i18n', function(i18n) {
label: i18n._('Name'), label: i18n._('Name'),
columnClass: 'col-md-4 col-sm-3 col-xs-6 List-staticColumnAdjacent', columnClass: 'col-md-4 col-sm-3 col-xs-6 List-staticColumnAdjacent',
modalColumnClass: 'col-md-12', modalColumnClass: 'col-md-12',
awToolTip: "{{ inventory.description }}", awToolTip: "{{ inventory.description | sanitize }}",
awTipPlacement: "top", awTipPlacement: "top",
ngClick: 'editInventory(inventory)' ngClick: 'editInventory(inventory)'
}, },

2
awx/ui/client/src/inventory-scripts/inventory-scripts.list.js
View File

@ -20,7 +20,7 @@ export default ['i18n', function(i18n){
label: i18n._('Name'), label: i18n._('Name'),
columnClass: 'col-md-3 col-sm-9 col-xs-9', columnClass: 'col-md-3 col-sm-9 col-xs-9',
modalColumnClass: 'col-md-8', modalColumnClass: 'col-md-8',
awToolTip: '{{inventory_script.description}}', awToolTip: '{{inventory_script.description | sanitize}}',
dataPlacement: 'top' dataPlacement: 'top'
}, },
organization: { organization: {

2
awx/ui/client/src/management-jobs/management-jobs.list.js
View File

@ -16,7 +16,7 @@ export default function(){
name: { name: {
label: 'Name', label: 'Name',
columnClass: 'col-sm-4 col-xs-4', columnClass: 'col-sm-4 col-xs-4',
awToolTip: '{{configure_job.description}}', awToolTip: '{{configure_job.description | sanitize}}',
dataPlacement: 'top' dataPlacement: 'top'
} }
}, },

2
awx/ui/client/src/notifications/notificationTemplates.list.js
View File

@ -32,7 +32,7 @@ export default ['i18n', function(i18n){
label: i18n._('Name'), label: i18n._('Name'),
columnClass: 'col-md-3 col-sm-9 col-xs-9', columnClass: 'col-md-3 col-sm-9 col-xs-9',
linkTo: '/#/notification_templates/{{notification_template.id}}', linkTo: '/#/notification_templates/{{notification_template.id}}',
awToolTip: '{{notification_template.description}}', awToolTip: '{{notification_template.description | sanitize}}',
dataPlacement: 'top' dataPlacement: 'top'
}, },
notification_type: { notification_type: {

4
awx/ui/client/src/organizations/list/organizations-list.partial.html
View File

@ -52,9 +52,9 @@
ng-repeat="card in orgCards track by card.id"> ng-repeat="card in orgCards track by card.id">
<div class="OrgCards-header"> <div class="OrgCards-header">
<h3 class="OrgCards-label" <h3 class="OrgCards-label"
aw-tool-tip="{{ card.description || 'Place organization description here' }}" aw-tool-tip="{{ (card.description || 'Place organization description here') | sanitize }}"
aw-tip-placement="top"> aw-tip-placement="top">
{{ card.name }} {{ card.name | sanitize}}
</h3> </h3>
<div class="OrgCards-actionItems"> <div class="OrgCards-actionItems">
<button class="OrgCards-actionItem <button class="OrgCards-actionItem

2
awx/ui/client/src/organizations/organizations.list.js
View File

@ -22,7 +22,7 @@ export default [function() {
key: true, key: true,
label: 'Name', label: 'Name',
columnClass: 'col-lg-4 col-md-6 col-sm-8 col-xs-8', columnClass: 'col-lg-4 col-md-6 col-sm-8 col-xs-8',
awToolTip: '{{organization.description}}', awToolTip: '{{organization.description | sanitize}}',
dataPlacement: 'top' dataPlacement: 'top'
}, },
}, },

2
awx/ui/client/src/partials/survey-maker-modal.html
View File

@ -53,7 +53,7 @@
</div> </div>
<div ng-if="question.question_description" class="SurveyMaker-previewDescription"> <div ng-if="question.question_description" class="SurveyMaker-previewDescription">
<i>{{question.question_description}}</i> <i>{{question.question_description | sanitize}}</i>
</div> </div>
<div class="SurveyMaker-previewInputRow"> <div class="SurveyMaker-previewInputRow">
<span dnd-handle class="SurveyMaker-reorderButton" data-placement="top" aw-tool-tip="Drag to reorder question" data-original-title="" title="" ng-show="(job_template_obj.summary_fields.user_capabilities.edit || workflow_job_template_obj.summary_fields.user_capabilities.edit || canAdd)"> <span dnd-handle class="SurveyMaker-reorderButton" data-placement="top" aw-tool-tip="Drag to reorder question" data-original-title="" title="" ng-show="(job_template_obj.summary_fields.user_capabilities.edit || workflow_job_template_obj.summary_fields.user_capabilities.edit || canAdd)">

2
awx/ui/client/src/portal-mode/portal-job-templates.list.js
View File

@ -23,7 +23,7 @@ export default ['i18n', function(i18n) {
label: i18n._('Name'), label: i18n._('Name'),
columnClass: 'col-lg-5 col-md-5 col-sm-9 col-xs-8', columnClass: 'col-lg-5 col-md-5 col-sm-9 col-xs-8',
linkTo: '/#/templates/job_template/{{job_template.id}}', linkTo: '/#/templates/job_template/{{job_template.id}}',
awToolTip: '{{job_template.description}}', awToolTip: '{{job_template.description | sanitize}}',
dataPlacement: 'top' dataPlacement: 'top'
} }
}, },

2
awx/ui/client/src/projects/projects.list.js
View File

@ -37,7 +37,7 @@ export default ['i18n', function(i18n) {
label: i18n._('Name'), label: i18n._('Name'),
columnClass: "col-lg-4 col-md-4 col-sm-5 col-xs-7 List-staticColumnAdjacent", columnClass: "col-lg-4 col-md-4 col-sm-5 col-xs-7 List-staticColumnAdjacent",
modalColumnClass: 'col-md-8', modalColumnClass: 'col-md-8',
awToolTip: '{{project.description}}', awToolTip: '{{project.description | sanitize}}',
dataPlacement: 'top' dataPlacement: 'top'
}, },
scm_type: { scm_type: {

2
awx/ui/client/src/teams/teams.list.js
View File

@ -23,7 +23,7 @@ export default ['i18n', function(i18n) {
label: i18n._('Name'), label: i18n._('Name'),
columnClass: 'col-lg-3 col-md-4 col-sm-9 col-xs-9', columnClass: 'col-lg-3 col-md-4 col-sm-9 col-xs-9',
modalColumnClass: 'col-md-8', modalColumnClass: 'col-md-8',
awToolTip: '{{team.description}}', awToolTip: '{{team.description | sanitize}}',
dataPlacement: 'top' dataPlacement: 'top'
}, },
organization: { organization: {

2
awx/ui/client/src/templates/templates.list.js
View File

@ -24,7 +24,7 @@ export default ['i18n', function(i18n) {
label: i18n._('Name'), label: i18n._('Name'),
columnClass: 'col-lg-2 col-md-2 col-sm-4 col-xs-9', columnClass: 'col-lg-2 col-md-2 col-sm-4 col-xs-9',
ngHref: '#/templates/{{template.type}}/{{template.id}}', ngHref: '#/templates/{{template.type}}/{{template.id}}',
awToolTip: '{{template.description}}', awToolTip: '{{template.description | sanitize}}',
dataPlacement: 'top' dataPlacement: 'top'
}, },
type: { type: {