mirror of https://github.com/OpenNebula/one.git synced 2024-12-24 21:34:01 +03:00

M #-: xss in role name vmg (#4171)

Signed-off-by: Jorge Lobo <jlobo@opennebula.systems>

Co-authored-by: Tino Vázquez <cvazquez@opennebula.systems>
(cherry picked from commit 8c3ce3f6b1)
Jorge Lobo 2020-02-10 17:11:28 +01:00 committed by Tino Vazquez
parent 41f9a3aa24
commit 25594a55c3
No known key found for this signature in database
GPG Key ID: 2FE9C32E94AEABBE
3 changed files with 10 additions and 8 deletions


@ -168,8 +168,8 @@ define(function(require) {
function _submitWizard(context) {
that = this;
var name = WizardFields.retrieveInput($("#vm_group_name", context));
var description = WizardFields.retrieveInput($("#vm_group_description", context));
var name = TemplateUtils.removeHTMLTags(WizardFields.retrieveInput($("#vm_group_name", context)));
var description = TemplateUtils.removeHTMLTags(WizardFields.retrieveInput($("#vm_group_description", context)));
var role = [];
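Review bot: Stripping tags from `name` and `description` at submit time only covers values that pass through this wizard, so any view that writes a stored VM group name into the page still needs to encode it; a name that reaches the backend by another route is presumably unaffected by these two lines. The `template-utils` export list shown in this commit already offers `htmlEncode`, and calling `TemplateUtils.htmlEncode(name)` where the name is rendered would fix the issue at the sink regardless of how the value was stored. The same applies to the role fields changed in the role-tab section. If the input-side stripping is kept, I would add a comment above the two lines such as `// Defence in depth only: rendering code must still HTML-encode these values`, since stripping also silently changes what the user typed. `_submitWizard` continues past the end of this hunk.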


@ -20,6 +20,7 @@ define(function(require) {
var Tips = require('utils/tips');
var Config = require('sunstone-config');
var TemplateUtils = require("../../../utils/template-utils");
var TemplateHTML = require('hbs!./role-tab/html');
var HostsTable = require('./datatable');
@ -158,21 +159,21 @@ define(function(require) {
var role = {};
var text = "";
role['NAME'] = $('input[name="name"]', context).val();
role['VIRTUAL_MACHINES'] = $('input[name="cardinality"]', context).val();
role['POLICY'] = $('input[name="protocol_'+this.html_role_id+'"]:checked', context).val();
role['NAME'] = TemplateUtils.removeHTMLTags($('input[name="name"]', context).val());
role['VIRTUAL_MACHINES'] = TemplateUtils.removeHTMLTags($('input[name="cardinality"]', context).val());
role['POLICY'] = TemplateUtils.removeHTMLTags($('input[name="protocol_'+this.html_role_id+'"]:checked', context).val());
if(this.host_affined.length > 0){
for(data in this.host_affined)
text += this.host_affined[data] + ", ";
text = text.slice(0,-2);
role['HOST_AFFINED'] = text
role['HOST_AFFINED'] = TemplateUtils.removeHTMLTags(text)
text = "";
}
if(this.host_anti_affined.length > 0){
for(data in this.host_anti_affined)
text += this.host_anti_affined[data] + ", ";
text = text.slice(0,-2);
role['HOST_ANTI_AFFINED'] = text;
role['HOST_ANTI_AFFINED'] = TemplateUtils.removeHTMLTags(text);
}
role = _removeEmptyObjects(role);
return role;
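Review bot: On the new `role['POLICY']` line the `:checked` selector matches nothing when no policy radio is selected, so `.val()` returns `undefined` and that value is now passed to `TemplateUtils.removeHTMLTags`, whose body is not part of this commit. If the helper calls a string method it will throw, and if it coerces its argument the result may be the string `"undefined"`, which `_removeEmptyObjects` would presumably no longer drop. I would read the value first and guard it: `var policy = $('input[name="protocol_'+this.html_role_id+'"]:checked', context).val();` followed by `if (policy !== undefined) role['POLICY'] = TemplateUtils.removeHTMLTags(policy);`. `VIRTUAL_MACHINES` is a count, so checking that it parses as a non-negative integer would be a tighter control than tag stripping. The enclosing function starts before this hunk.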


@ -184,7 +184,8 @@ define(function(require) {
"templateToString": _convert_template_to_string,
"htmlDecode": _htmlDecode,
"htmlEncode": _htmlEncode,
"escapeDoubleQuotes": _escapeDoubleQuotes
"escapeDoubleQuotes": _escapeDoubleQuotes,
"removeHTMLTags": _removeHTMLTags
};
});