XSS fix: serialize survey question default answer

For the XSS issues that we found, I am serializing the default answers now to make sure all appropriate characters are escaped.
Jared Tabor
2015-01-29 11:20:59 -05:00
parent c7006d91b2
commit 2cc84f8bdd
3 changed files with 16 additions and 11 deletions
+11 -3
@@ -13,7 +13,7 @@
'use strict';
angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper', 'SearchHelper', 'PaginationHelpers', 'ListGenerator', 'ModalDialog',
angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper', 'SearchHelper', 'PaginationHelpers', 'ListGenerator', 'ModalDialog' ,
'GeneratorHelpers'])
.factory('ShowSurveyModal', ['Wait', 'CreateDialog', 'Empty', '$compile' ,
@@ -288,6 +288,7 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
defaultValue = (question.default) ? question.default : "";
defaultValue = defaultValue.replace(/</g, "&lt;");
defaultValue = defaultValue.replace(/>/g, "&gt;");
defaultValue = scope.serialize(defaultValue);
html+='<div class="row">'+
'<div class="col-xs-8">'+
'<input type="text" placeholder="'+defaultValue+'" class="form-control ng-pristine ng-invalid-required ng-invalid final" required="" readonly>'+
@@ -297,6 +298,7 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
defaultValue = (question.default) ? question.default : (question.default_textarea) ? question.default_textarea: "" ;
defaultValue = defaultValue.replace(/</g, "&lt;");
defaultValue = defaultValue.replace(/>/g, "&gt;");
defaultValue = scope.serialize(defaultValue);
html+='<div class="row">'+
'<div class="col-xs-8 input_area">'+
'<textarea class="form-control ng-pristine ng-invalid-required ng-invalid final" required="" rows="3" readonly>'+defaultValue+'</textarea>'+
@@ -311,6 +313,7 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
checked = (!Empty(question.default) && question.default.indexOf(choices[i])!==-1) ? "checked" : "";
choices[i] = choices[i] .replace(/</g, "&lt;");
choices[i] = choices[i] .replace(/>/g, "&gt;");
choices[i] = scope.serialize(choices[i]);
html+= '<input type="'+element+'" class="mc" ng-required="!'+question.variable+'" name="'+question.variable+ ' " id="'+question.variable+'" value=" '+choices[i]+' " '+checked+' disabled>' +
'<span>'+choices[i] +'</span><br>' ;
}
@@ -462,8 +465,9 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
id = params.id,
i, url, html, element,
questions = [],
form = SurveyQuestionForm;
form = SurveyQuestionForm,
sce = params.sce;
scope.sce = sce;
scope.survey_questions = [];
scope.answer_types=[
{name: 'Text' , type: 'text'},
@@ -474,6 +478,10 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper',
{name: 'Float', type: 'float'}
];
scope.serialize = function(expression){
return scope.sce.getTrustedHtml(expression);
};
scope.deleteSurvey = function() {
DeleteSurvey({
scope: scope,