mirror of
https://github.com/OpenNebula/one.git
synced 2024-12-24 21:34:01 +03:00
M #-: xss in role name vmg (#4171)
Signed-off-by: Jorge Lobo <jlobo@opennebula.systems>
Co-authored-by: Tino Vázquez <cvazquez@opennebula.systems>
(cherry picked from commit 8c3ce3f6b1
)
parent
41f9a3aa24
commit
25594a55c3
@ -168,8 +168,8 @@ define(function(require) {
|
||||
|
||||
function _submitWizard(context) {
|
||||
that = this;
|
||||
var name = WizardFields.retrieveInput($("#vm_group_name", context));
|
||||
var description = WizardFields.retrieveInput($("#vm_group_description", context));
|
||||
var name = TemplateUtils.removeHTMLTags(WizardFields.retrieveInput($("#vm_group_name", context)));
|
||||
var description = TemplateUtils.removeHTMLTags(WizardFields.retrieveInput($("#vm_group_description", context)));
|
||||
|
||||
var role = [];
|
||||
|
||||
|
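Review bot: Stripping tags from `name` and `description` inside `_submitWizard` only covers VM groups created through this wizard; a group created or renamed through any other client would still reach whatever view renders the name, presumably without escaping. The durable control belongs at the render sink, for example passing the value through `TemplateUtils.htmlEncode(...)` or writing it as text, with this input-side strip kept as defence in depth. The hunk does not show a `require` for `TemplateUtils` in this file, so confirm it is already in scope; otherwise the submit handler fails with a ReferenceError. `_submitWizard` continues past the end of the hunk.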
@ -20,6 +20,7 @@ define(function(require) {
|
||||
var Tips = require('utils/tips');
|
||||
var Config = require('sunstone-config');
|
||||
|
||||
var TemplateUtils = require("../../../utils/template-utils");
|
||||
var TemplateHTML = require('hbs!./role-tab/html');
|
||||
var HostsTable = require('./datatable');
|
||||
|
||||
@ -158,21 +159,21 @@ define(function(require) {
|
||||
|
||||
var role = {};
|
||||
var text = "";
|
||||
role['NAME'] = $('input[name="name"]', context).val();
|
||||
role['VIRTUAL_MACHINES'] = $('input[name="cardinality"]', context).val();
|
||||
role['POLICY'] = $('input[name="protocol_'+this.html_role_id+'"]:checked', context).val();
|
||||
role['NAME'] = TemplateUtils.removeHTMLTags($('input[name="name"]', context).val());
|
||||
role['VIRTUAL_MACHINES'] = TemplateUtils.removeHTMLTags($('input[name="cardinality"]', context).val());
|
||||
role['POLICY'] = TemplateUtils.removeHTMLTags($('input[name="protocol_'+this.html_role_id+'"]:checked', context).val());
|
||||
if(this.host_affined.length > 0){
|
||||
for(data in this.host_affined)
|
||||
text += this.host_affined[data] + ", ";
|
||||
text = text.slice(0,-2);
|
||||
role['HOST_AFFINED'] = text
|
||||
role['HOST_AFFINED'] = TemplateUtils.removeHTMLTags(text)
|
||||
text = "";
|
||||
}
|
||||
if(this.host_anti_affined.length > 0){
|
||||
for(data in this.host_anti_affined)
|
||||
text += this.host_anti_affined[data] + ", ";
|
||||
text = text.slice(0,-2);
|
||||
role['HOST_ANTI_AFFINED'] = text;
|
||||
role['HOST_ANTI_AFFINED'] = TemplateUtils.removeHTMLTags(text);
|
||||
}
|
||||
role = _removeEmptyObjects(role);
|
||||
return role;
|
||||
|
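Review bot: In the role retrieval hunk, `removeHTMLTags` is called directly on `.val()` results, and the `:checked` selector used for `role['POLICY']` returns `undefined` when no radio button is selected. The body of `_removeHTMLTags` is not visible on this page, so if it calls a string method on its argument, that line now throws where the old code left the empty field to `_removeEmptyObjects`. Read the value into a local first and only assign `role['POLICY'] = TemplateUtils.removeHTMLTags(policy);` when `policy !== undefined`. `VIRTUAL_MACHINES` and `POLICY` take a closed set of values, so checking the first as an integer and the second against the known policy names would be stricter than tag stripping. The enclosing function starts and ends outside the hunk, and the new `require("../../../utils/template-utils")` uses a relative path and double quotes where its neighbours use module ids such as `'utils/tips'`.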
@ -184,7 +184,8 @@ define(function(require) {
|
||||
"templateToString": _convert_template_to_string,
|
||||
"htmlDecode": _htmlDecode,
|
||||
"htmlEncode": _htmlEncode,
|
||||
"escapeDoubleQuotes": _escapeDoubleQuotes
|
||||
"escapeDoubleQuotes": _escapeDoubleQuotes,
|
||||
"removeHTMLTags": _removeHTMLTags
|
||||
};
|
||||
});
|
||||
|
||||
|
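Review bot: The new export `"removeHTMLTags": _removeHTMLTags` points at a function whose definition appears in none of the hunks on this page, so confirm that `_removeHTMLTags` exists in this module and check how it handles `undefined` or non-string input. Its contract should be documented next to the definition, since callers in this commit rely on it as the XSS control. A comment such as `// Strips markup from user-supplied text before it is stored; not an output encoder, use htmlEncode when inserting into HTML.` would stop it being mistaken for a replacement for `htmlEncode`.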