shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-01-26 10:03:37 +03:00
Code Releases Wiki Activity

M #-: xss in role name vmg (#4171)

Browse Source 
Signed-off-by: Jorge Lobo <jlobo@opennebula.systems>

Co-authored-by: Tino Vázquez <cvazquez@opennebula.systems>
(cherry picked from commit 8c3ce3f6b1f69f0fcd1fc534c045e4fccc30f736)
This commit is contained in:
Jorge Lobo 2020-02-10 17:11:28 +01:00 committed by Tino Vazquez
parent 41f9a3aa24
commit 25594a55c3
No known key found for this signature in database
GPG Key ID: 2FE9C32E94AEABBE
3 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/sunstone/public/app/tabs/vmgroup-tab/form-panels/create.js
View File

@ -168,8 +168,8 @@ define(function(require) {
function _submitWizard(context) { function _submitWizard(context) {
that = this; that = this;
var name = WizardFields.retrieveInput($("#vm_group_name", context)); var name = TemplateUtils.removeHTMLTags(WizardFields.retrieveInput($("#vm_group_name", context)));
var description = WizardFields.retrieveInput($("#vm_group_description", context)); var description = TemplateUtils.removeHTMLTags(WizardFields.retrieveInput($("#vm_group_description", context)));
var role = []; var role = [];

11
src/sunstone/public/app/tabs/vmgroup-tab/utils/role-tab.js
View File

@ -20,6 +20,7 @@ define(function(require) {
var Tips = require('utils/tips'); var Tips = require('utils/tips');
var Config = require('sunstone-config'); var Config = require('sunstone-config');
var TemplateUtils = require("../../../utils/template-utils");
var TemplateHTML = require('hbs!./role-tab/html'); var TemplateHTML = require('hbs!./role-tab/html');
var HostsTable = require('./datatable'); var HostsTable = require('./datatable');
@ -158,21 +159,21 @@ define(function(require) {
var role = {}; var role = {};
var text = ""; var text = "";
role['NAME'] = $('input[name="name"]', context).val(); role['NAME'] = TemplateUtils.removeHTMLTags($('input[name="name"]', context).val());
role['VIRTUAL_MACHINES'] = $('input[name="cardinality"]', context).val(); role['VIRTUAL_MACHINES'] = TemplateUtils.removeHTMLTags($('input[name="cardinality"]', context).val());
role['POLICY'] = $('input[name="protocol_'+this.html_role_id+'"]:checked', context).val(); role['POLICY'] = TemplateUtils.removeHTMLTags($('input[name="protocol_'+this.html_role_id+'"]:checked', context).val());
if(this.host_affined.length > 0){ if(this.host_affined.length > 0){
for(data in this.host_affined) for(data in this.host_affined)
text += this.host_affined[data] + ", "; text += this.host_affined[data] + ", ";
text = text.slice(0,-2); text = text.slice(0,-2);
role['HOST_AFFINED'] = text role['HOST_AFFINED'] = TemplateUtils.removeHTMLTags(text)
text = ""; text = "";
} }
if(this.host_anti_affined.length > 0){ if(this.host_anti_affined.length > 0){
for(data in this.host_anti_affined) for(data in this.host_anti_affined)
text += this.host_anti_affined[data] + ", "; text += this.host_anti_affined[data] + ", ";
text = text.slice(0,-2); text = text.slice(0,-2);
role['HOST_ANTI_AFFINED'] = text; role['HOST_ANTI_AFFINED'] = TemplateUtils.removeHTMLTags(text);
} }
role = _removeEmptyObjects(role); role = _removeEmptyObjects(role);
return role; return role;

3
src/sunstone/public/app/utils/template-utils.js
View File

@ -184,7 +184,8 @@ define(function(require) {
"templateToString": _convert_template_to_string, "templateToString": _convert_template_to_string,
"htmlDecode": _htmlDecode, "htmlDecode": _htmlDecode,
"htmlEncode": _htmlEncode, "htmlEncode": _htmlEncode,
"escapeDoubleQuotes": _escapeDoubleQuotes "escapeDoubleQuotes": _escapeDoubleQuotes,
"removeHTMLTags": _removeHTMLTags
}; };
}); });