shaba/awx
1
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2024-10-31 23:51:09 +03:00
Code Releases Activity

Merge pull request #2910 from jaredevantabor/monkey-punch

Browse Source 
XSS sanitize permissions-popover
This commit is contained in:
Jared Tabor 2016-07-11 10:22:11 -07:00 committed by GitHub
commit c09a08e012
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
awx/ui/client/src/access/roleList.partial.html
View File

@ -9,7 +9,7 @@
<div class="RoleList-tag" <div class="RoleList-tag"
ng-class="{'RoleList-tag--deletable': entry.explicit, ng-class="{'RoleList-tag--deletable': entry.explicit,
'RoleList-tag--team': entry.team_id}" 'RoleList-tag--team': entry.team_id}"
aw-tool-tip='{{entry.team_name}}' aw-tip-placement='bottom'> aw-tool-tip='{{entry.team_name | sanitize}}' aw-tip-placement='bottom'>
<span class="RoleList-name">{{ entry.name }}</span> <span class="RoleList-name">{{ entry.name }}</span>
<i ng-show='entry.team_id' class="fa fa-users"></i> <i ng-show='entry.team_id' class="fa fa-users"></i>
</div> </div>

7
awx/ui/client/src/app.js
View File

@ -521,11 +521,12 @@ var tower = angular.module('Tower', [
'ClearScope', 'Socket', 'LoadConfig', 'Store', 'ClearScope', 'Socket', 'LoadConfig', 'Store',
'ShowSocketHelp', 'pendoService', 'Prompt', 'Rest', 'Wait', 'ShowSocketHelp', 'pendoService', 'Prompt', 'Rest', 'Wait',
'ProcessErrors', '$state', 'GetBasePath', 'ConfigService', 'ProcessErrors', '$state', 'GetBasePath', 'ConfigService',
'FeaturesService', 'FeaturesService', '$filter',
function ($q, $compile, $cookieStore, $rootScope, $log, CheckLicense, function ($q, $compile, $cookieStore, $rootScope, $log, CheckLicense,
$location, Authorization, LoadBasePaths, Timer, ClearScope, Socket, $location, Authorization, LoadBasePaths, Timer, ClearScope, Socket,
LoadConfig, Store, ShowSocketHelp, pendoService, Prompt, Rest, Wait, LoadConfig, Store, ShowSocketHelp, pendoService, Prompt, Rest, Wait,
ProcessErrors, $state, GetBasePath, ConfigService, FeaturesService) { ProcessErrors, $state, GetBasePath, ConfigService, FeaturesService,
$filter) {
var sock; var sock;
$rootScope.addPermission = function (scope) { $rootScope.addPermission = function (scope) {
$compile("<add-permissions class='AddPermissions'></add-permissions>")(scope); $compile("<add-permissions class='AddPermissions'></add-permissions>")(scope);
@ -563,7 +564,7 @@ var tower = angular.module('Tower', [
if (accessListEntry.team_id) { if (accessListEntry.team_id) {
Prompt({ Prompt({
hdr: `Team access removal`, hdr: `Team access removal`,
body: `<div class="Prompt-bodyQuery">Please confirm that you would like to remove <span class="Prompt-emphasis">${entry.name}</span> access from the team <span class="Prompt-emphasis">${entry.team_name}</span>. This will affect all members of the team. If you would like to only remove access for this particular user, please remove them from the team.</div>`, body: `<div class="Prompt-bodyQuery">Please confirm that you would like to remove <span class="Prompt-emphasis">${entry.name}</span> access from the team <span class="Prompt-emphasis">${$filter('sanitize')(entry.team_name)}</span>. This will affect all members of the team. If you would like to only remove access for this particular user, please remove them from the team.</div>`,
action: action, action: action,
actionText: 'REMOVE TEAM ACCESS' actionText: 'REMOVE TEAM ACCESS'
}); });