author | Alexandru DAMIAN <alexandru.damian@intel.com> | 2014-11-11 17:01:09 +0000 |
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-11-12 17:04:50 +0000 |
commit | c5d19aae55be158676eb0914bd5d0701f7d3fd3a (patch) | |
tree | b549631196198eaa89a922c1088243b25c74ecd9 /bitbake/lib/toaster/toastergui/static/js/projectapp.js | |
parent | 326d5b1a284ca4d29f986d3d6a1cee838b841301 (diff) | |
download | poky-c5d19aae55be158676eb0914bd5d0701f7d3fd3a.tar.gz |
bitbake: toastergui: fix XSS injection points in projects page
We close XSS injection points in the Projects page.
* modify the json filter to properly escape HTML tags in strings
* enable $sanitize to automatically sanitize dangerous HTML in
user-supplied input
* clean dangerous characters in targets field, as that field contents
will be directly passed to a shell command
Based on the vulnerability discovered and the patch provided by Michael Wood.
(Bitbake rev: 23c440db9c076ca37e651bdbbdbefee54998e1dc)
Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'bitbake/lib/toaster/toastergui/static/js/projectapp.js')
-rw-r--r-- | bitbake/lib/toaster/toastergui/static/js/projectapp.js | 7 |
1 files changed, 4 insertions, 3 deletions
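--- a/bitbake/lib/toaster/toastergui/static/js/projectapp.js
+++ b/bitbake/lib/toaster/toastergui/static/js/projectapp.js
@@ -101,7 +101,7 @@ function _diffArrays(existingArray, newArray, compareElements, onAdded, onDelete
 }
 
 
-var projectApp = angular.module('project', ['ngCookies', 'ngAnimate', 'ui.bootstrap' ], angular_formpost);
+var projectApp = angular.module('project', ['ngCookies', 'ngAnimate', 'ui.bootstrap', 'ngRoute', 'ngSanitize'], angular_formpost);
 
 // modify the template tag markers to prevent conflicts with Django
 projectApp.config(function($interpolateProvider) {
@@ -128,7 +128,7 @@ projectApp.filter('timediff', function() {
 
 
 // main controller for the project page
-projectApp.controller('prjCtrl', function($scope, $modal, $http, $interval, $location, $cookies, $q, $sce, $anchorScroll, $animate) {
+projectApp.controller('prjCtrl', function($scope, $modal, $http, $interval, $location, $cookies, $q, $sce, $anchorScroll, $animate, $sanitize) {
 
 $scope.getSuggestions = function(type, currentValue) {
 var deffered = $q.defer();
@@ -475,6 +475,7 @@ projectApp.controller('prjCtrl', function($scope, $modal, $http, $interval, $loc
 var alertText = undefined;
 var alertZone = undefined;
 var oldLayers = [];
+
 switch(elementid) {
 case '#select-machine':
 alertText = "You have changed the machine to: <strong>" + $scope.machineName + "</strong>";
@@ -594,7 +595,7 @@ projectApp.controller('prjCtrl', function($scope, $modal, $http, $interval, $loc
 var crtid = zone.maxid ++;
 angular.forEach(zone, function (o) { o.close() });
 o = {
-id: crtid, text: $sce.trustAsHtml(text), type: type,
+id: crtid, text: text, type: type,
 close: function() {
 zone.splice((function(id){ for (var i = 0; i < zone.length; i++) if (id == zone[i].id) { return i}; return undefined;})(crtid), 1);
 },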
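Review bot: The alert markup in the third hunk (new line 481, `alertText = "You have changed the machine to: <strong>" + $scope.machineName + "</strong>"`) still concatenates `$scope.machineName` unescaped into an HTML string, and because the fourth hunk now stores that string without `$sce.trustAsHtml`, its safety rests entirely on sanitization at render time, which strips dangerous constructs but leaves ordinary tags intact, so a machine name containing markup would be rendered rather than shown literally. Escaping the interpolated value before concatenation keeps the data/markup boundary explicit and makes the sanitizer a second layer rather than the only one, e.g. `alertText = "You have changed the machine to: <strong>" + angular.element('<div>').text($scope.machineName).html() + "</strong>";`, and the same presumably applies to the other `case` branches of that `switch`, which lie outside the hunk. The `$sanitize` service injected at new line 131 is not used in any visible hunk, so the sanitizing presumably happens in the template bindings or elsewhere in the file; a comment on the injection line recording that alert text is meant to pass through ngSanitize, and therefore must no longer be marked trusted, would explain why `trustAsHtml` was dropped. Both the `prjCtrl` controller and the function containing the `switch` start and end outside these hunks.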