bitbake: toastergui: fix XSS injection points in projects page

We close XSS injection points in Projects page. * modify the json filter to properly escape HTML tags in strings * enable $sanitize to automatically sanitize dangerous HTML in user-supplied input * clean dangerous characters in targets field, as that field contents will be directly passed to a shell command Based on the vulnerability discovered and the patch provided by Michael Wood. (Bitbake rev: 23c440db9c076ca37e651bdbbdbefee54998e1dc) Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Alexandru DAMIAN <alexandru.damian@intel.com> 2014-11-11 17:01:09 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-11-12 17:04:50 +0000
commit: c5d19aae55be158676eb0914bd5d0701f7d3fd3a (patch)
tree: b549631196198eaa89a922c1088243b25c74ecd9 /bitbake/lib/toaster/toastergui/static/js/projectapp.js
parent: 326d5b1a284ca4d29f986d3d6a1cee838b841301 (diff)
download: poky-c5d19aae55be158676eb0914bd5d0701f7d3fd3a.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/bitbake/lib/toaster/toastergui/static/js/projectapp.js b/bitbake/lib/toaster/toastergui/static/js/projectapp.js
index f0569de04d..9f9a06476a 100644
--- a/bitbake/lib/toaster/toastergui/static/js/projectapp.js
+++ b/bitbake/lib/toaster/toastergui/static/js/projectapp.js
@@ -101,7 +101,7 @@ function _diffArrays(existingArray, newArray, compareElements, onAdded, onDelete
 }
-var projectApp = angular.module('project', ['ngCookies', 'ngAnimate', 'ui.bootstrap' ],  angular_formpost);
+var projectApp = angular.module('project', ['ngCookies', 'ngAnimate', 'ui.bootstrap', 'ngRoute', 'ngSanitize'],  angular_formpost);
 // modify the template tag markers to prevent conflicts with Django
 projectApp.config(function($interpolateProvider) {
@@ -128,7 +128,7 @@ projectApp.filter('timediff', function() {
 // main controller for the project page
-projectApp.controller('prjCtrl', function($scope, $modal, $http, $interval, $location, $cookies, $q, $sce, $anchorScroll, $animate) {
+projectApp.controller('prjCtrl', function($scope, $modal, $http, $interval, $location, $cookies, $q, $sce, $anchorScroll, $animate, $sanitize) {
    $scope.getSuggestions = function(type, currentValue) {
        var deffered = $q.defer();
@@ -475,6 +475,7 @@ projectApp.controller('prjCtrl', function($scope, $modal, $http, $interval, $loc
        var alertText = undefined;
        var alertZone = undefined;
        var oldLayers = [];
        switch(elementid) {
            case '#select-machine':
                alertText = "You have changed the machine to: <strong>" + $scope.machineName + "</strong>";
@@ -594,7 +595,7 @@ projectApp.controller('prjCtrl', function($scope, $modal, $http, $interval, $loc
        var crtid = zone.maxid ++;
        angular.forEach(zone, function (o) { o.close() });
        o = {
-            id: crtid, text: $sce.trustAsHtml(text), type: type,
+            id: crtid, text: text, type: type,
            close: function() {
                zone.splice((function(id){ for (var i = 0; i < zone.length; i++) if (id == zone[i].id) { return i}; return undefined;})(crtid), 1);
               },
author	Alexandru DAMIAN <alexandru.damian@intel.com>	2014-11-11 17:01:09 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-11-12 17:04:50 +0000
commit	c5d19aae55be158676eb0914bd5d0701f7d3fd3a (patch)
tree	b549631196198eaa89a922c1088243b25c74ecd9 /bitbake/lib/toaster/toastergui/static/js/projectapp.js
parent	326d5b1a284ca4d29f986d3d6a1cee838b841301 (diff)
download	poky-c5d19aae55be158676eb0914bd5d0701f7d3fd3a.tar.gz

diff --git a/bitbake/lib/toaster/toastergui/static/js/projectapp.js b/bitbake/lib/toaster/toastergui/static/js/projectapp.js index f0569de04d..9f9a06476a 100644 --- a/bitbake/lib/toaster/toastergui/static/js/projectapp.js +++ b/bitbake/lib/toaster/toastergui/static/js/projectapp.js
@@ -101,7 +101,7 @@ function _diffArrays(existingArray, newArray, compareElements, onAdded, onDelete
101	}	101	}
102		102
103		103
104	var projectApp = angular.module('project', ['ngCookies', 'ngAnimate', 'ui.bootstrap' ], angular_formpost);	104	var projectApp = angular.module('project', ['ngCookies', 'ngAnimate', 'ui.bootstrap', 'ngRoute', 'ngSanitize'], angular_formpost);
105		105
106	// modify the template tag markers to prevent conflicts with Django	106	// modify the template tag markers to prevent conflicts with Django
107	projectApp.config(function($interpolateProvider) {	107	projectApp.config(function($interpolateProvider) {
@@ -128,7 +128,7 @@ projectApp.filter('timediff', function() {
128		128
129		129
130	// main controller for the project page	130	// main controller for the project page
131	projectApp.controller('prjCtrl', function($scope, $modal, $http, $interval, $location, $cookies, $q, $sce, $anchorScroll, $animate) {	131	projectApp.controller('prjCtrl', function($scope, $modal, $http, $interval, $location, $cookies, $q, $sce, $anchorScroll, $animate, $sanitize) {
132		132
133	$scope.getSuggestions = function(type, currentValue) {	133	$scope.getSuggestions = function(type, currentValue) {
134	var deffered = $q.defer();	134	var deffered = $q.defer();
@@ -475,6 +475,7 @@ projectApp.controller('prjCtrl', function($scope, $modal, $http, $interval, $loc
475	var alertText = undefined;	475	var alertText = undefined;
476	var alertZone = undefined;	476	var alertZone = undefined;
477	var oldLayers = [];	477	var oldLayers = [];
		478
478	switch(elementid) {	479	switch(elementid) {
479	case '#select-machine':	480	case '#select-machine':
480	alertText = "You have changed the machine to: <strong>" + $scope.machineName + "</strong>";	481	alertText = "You have changed the machine to: <strong>" + $scope.machineName + "</strong>";
@@ -594,7 +595,7 @@ projectApp.controller('prjCtrl', function($scope, $modal, $http, $interval, $loc
594	var crtid = zone.maxid ++;	595	var crtid = zone.maxid ++;
595	angular.forEach(zone, function (o) { o.close() });	596	angular.forEach(zone, function (o) { o.close() });
596	o = {	597	o = {
597	id: crtid, text: $sce.trustAsHtml(text), type: type,	598	id: crtid, text: text, type: type,
598	close: function() {	599	close: function() {
599	zone.splice((function(id){ for (var i = 0; i < zone.length; i++) if (id == zone[i].id) { return i}; return undefined;})(crtid), 1);	600	zone.splice((function(id){ for (var i = 0; i < zone.length; i++) if (id == zone[i].id) { return i}; return undefined;})(crtid), 1);
600	},	601	},