bitbake: toastergui: fix XSS injection points in projects page - linux/poky.git

diff options

author	Alexandru DAMIAN <alexandru.damian@intel.com>	2014-11-11 17:01:09 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-11-12 17:04:50 +0000
commit	c5d19aae55be158676eb0914bd5d0701f7d3fd3a (patch)
tree	b549631196198eaa89a922c1088243b25c74ecd9 /bitbake/lib/bb/cooker.py
parent	326d5b1a284ca4d29f986d3d6a1cee838b841301 (diff)
download	poky-c5d19aae55be158676eb0914bd5d0701f7d3fd3a.tar.gz

bitbake: toastergui: fix XSS injection points in projects page

We close XSS injection points in Projects page. * modify the json filter to properly escape HTML tags in strings * enable $sanitize to automatically sanitize dangerous HTML in user-supplied input * clean dangerous characters in targets field, as that field contents will be directly passed to a shell command Based on the vulnerability discovered and the patch provided by Michael Wood. (Bitbake rev: 23c440db9c076ca37e651bdbbdbefee54998e1dc) Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'bitbake/lib/bb/cooker.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: