XSS fixes (!257) · Merge Requests · CIRCLE / cloud

XSS fixes

dashboard/static/dashboard/dashboard.js:260: $("#dashboard-vm-list").html(html); escaped ✅

dashboard/static/dashboard/dashboard.js:308: $("#dashboard-node-list").html(html); escaped ✅

dashboard/static/dashboard/dashboard.js:318: $("#dashboard-node-taglist").html(html); escaped ✅

dashboard/static/dashboard/dashboard.js:358: $("#dashboard-group-list").html(html); escaped ✅

dashboard/static/dashboard/dashboard.js:604: $('.messagelist').html('').append(div); ✅

dashboard/static/dashboard/group-list.js:20: $("#group-list-column-name", row).html( jQuery is used to create the html element ✅

dashboard/static/dashboard/store.js:7: $("#store-list-container").html(result); rendered by Django ✅

dashboard/static/dashboard/vm-console.js:13: $('#noVNC_status').html(msg);

dashboard/static/dashboard/vm-console.js:49: $('#noVNC_status').html('Retreiving authorization token.'); ✅

dashboard/static/dashboard/vm-console.js:52: $('#noVNC_status').html('No authorization token received.'); ✅

dashboard/static/dashboard/vm-console.js:65: $('#noVNC_status').html("Can't connect to console."); ✅

dashboard/static/dashboard/vm-create.js:97: $('#vm-create-network-list').html(''); ✅

dashboard/static/dashboard/vm-create.js:111: $('#vm-create-network-add-select').html('' + gettext("No more networks.") + ''); ✅

dashboard/static/dashboard/vm-create.js:128: $('#vm-create-network-add-select').html('');✅

dashboard/static/dashboard/vm-create.js:162: $("#vm-create-network-list").html(""); ✅

dashboard/static/dashboard/vm-create.js:174: $("#vm-create-network-add-select").html('' + gettext("No more networks.") + ''); ✅

dashboard/static/dashboard/vm-create.js:196: $("#vm-create-disk-list").html(""); ✅

dashboard/static/dashboard/vm-details.js:166: $("#vm-details-disk-add-for-form").html($("#vm-details-disk-add-form").html()); ✅

dashboard/static/dashboard/vm-details.js:272: .html(new_desc.replace(/\n/g, "
")); ✅

dashboard/static/dashboard/vm-details.js:364: $("#activity-refresh").html(data['activities']); rendered by Django ✅

dashboard/static/dashboard/vm-details.js:368: $("#ops").html(data['ops']); rendered by Django ✅

dashboard/static/dashboard/vm-details.js:369: $("#disk-ops").html(data['disk_ops']); rendered by Django ✅

dashboard/static/dashboard/vm-details.js:380: $("#vm-details-state span").html(data['human_readable_status'].toUpperCase()); ✅

dashboard/static/dashboard/dashboard.js:260:    $("#dashboard-vm-list").html(html); escaped :white_check_mark:

dashboard/static/dashboard/dashboard.js:308:    $("#dashboard-node-list").html(html); escaped :white_check_mark:

dashboard/static/dashboard/dashboard.js:318:    $("#dashboard-node-taglist").html(html); escaped :white_check_mark:
 
dashboard/static/dashboard/dashboard.js:358:    $("#dashboard-group-list").html(html); escaped :white_check_mark:

dashboard/static/dashboard/dashboard.js:604:  $('.messagelist').html('').append(div); :white_check_mark:

dashboard/static/dashboard/group-list.js:20:        $("#group-list-column-name", row).html( jQuery is used to create the html element :white_check_mark:

dashboard/static/dashboard/store.js:7:        $("#store-list-container").html(result); rendered by Django :white_check_mark:

dashboard/static/dashboard/vm-console.js:13:          $('#noVNC_status').html(msg);

dashboard/static/dashboard/vm-console.js:49:      $('#noVNC_status').html('Retreiving authorization token.'); :white_check_mark:

dashboard/static/dashboard/vm-console.js:52:              $('#noVNC_status').html('No authorization token received.'); :white_check_mark:

dashboard/static/dashboard/vm-console.js:65:          $('#noVNC_status').html("Can't connect to console."); :white_check_mark:

dashboard/static/dashboard/vm-create.js:97:      $('#vm-create-network-list').html(''); :white_check_mark:

dashboard/static/dashboard/vm-create.js:111:      $('#vm-create-network-add-select').html('<option value="-1">' + gettext("No more networks.") + '</option>');  :white_check_mark:

dashboard/static/dashboard/vm-create.js:128:        $('#vm-create-network-add-select').html('');:white_check_mark:

dashboard/static/dashboard/vm-create.js:162:      $("#vm-create-network-list").html(""); :white_check_mark:

dashboard/static/dashboard/vm-create.js:174:    $("#vm-create-network-add-select").html('<option value="-1">' + gettext("No more networks.") + '</option>'); :white_check_mark:

dashboard/static/dashboard/vm-create.js:196:      $("#vm-create-disk-list").html(""); :white_check_mark:

dashboard/static/dashboard/vm-details.js:166:    $("#vm-details-disk-add-for-form").html($("#vm-details-disk-add-form").html()); :white_check_mark:

dashboard/static/dashboard/vm-details.js:272:          .html(new_desc.replace(/\n/g, "<br />")); :white_check_mark:

dashboard/static/dashboard/vm-details.js:364:        $("#activity-refresh").html(data['activities']); rendered by Django :white_check_mark:

dashboard/static/dashboard/vm-details.js:368:      $("#ops").html(data['ops']); rendered by Django :white_check_mark:

dashboard/static/dashboard/vm-details.js:369:      $("#disk-ops").html(data['disk_ops']); rendered by Django :white_check_mark:

dashboard/static/dashboard/vm-details.js:380:      $("#vm-details-state span").html(data['human_readable_status'].toUpperCase()); :white_check_mark:

{{ resolvedDiscussionCount }}/{{ discussionCount }} {{ resolvedCountText }} resolved

Bach Dániel @bachdaniel commented Oct 22, 2014

Owner

👍

Edited Oct 22, 2014
:+1: ![XSS](https://git.ik.bme.hu/uploads/circle/cloud/4e7b981c59/XSS.jpg)
Kálmán Viktor @kviktor commented Oct 22, 2014

Owner

<script>alert("+1");</script>

Edited Oct 22, 2014
<script>alert("+1");</script>
Kálmán Viktor @kviktor
mentioned in issue #319 (closed)
Nov 06, 2014

mentioned in issue #319 (closed)

mentioned in issue #319

Toggle commit list

Please register or sign in to comment