author | Petr Vobornik <pvoborni@redhat.com> | 2014-11-10 16:24:15 +0100 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2014-11-20 15:31:15 +0100 |
commit | af9fd4dfe2c18e52127480c959c35ad37b566095 (patch) | |
tree | a09cba62a088277604831b3bb60b7e481742eecd /install | |
parent | 3f3f49ea93f8ca0c2cdd569a78c952492e7b520a (diff) | |
webui: fix potential XSS vulnerabilities
Escape user-defined text to prevent XSS attacks. As an extra precaution, parts
that are unlikely to contain user-defined text are escaped as well.
fixes CVE-2014-7850
https://fedorahosted.org/freeipa/ticket/4742
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'install')
-rw-r--r-- | install/ui/src/freeipa/Application_controller.js | 4 | ||||
-rw-r--r-- | install/ui/src/freeipa/facet.js | 12 | ||||
-rw-r--r-- | install/ui/src/freeipa/ipa.js | 1 | ||||
-rw-r--r-- | install/ui/src/freeipa/rule.js | 2 | ||||
-rw-r--r-- | install/ui/src/freeipa/widget.js | 4 |
5 files changed, 13 insertions, 10 deletions
diff --git a/install/ui/src/freeipa/Application_controller.js b/install/ui/src/freeipa/Application_controller.js
index 094bd3da7..4bf76f8f5 100644
--- a/install/ui/src/freeipa/Application_controller.js
+++ b/install/ui/src/freeipa/Application_controller.js
@@ -252,12 +252,12 @@ define([
 var error_container = $('<div/>', { 'class': 'container facet-content facet-error' }).appendTo($('.app-container .content').empty());
- error_container.append('<h1>'+name+'</h1>');
+ error_container.append($('<h1/>', { text: name }));
 var details = $('<div/>', { 'class': 'error-details' }).appendTo(error_container);
- details.append('<p> Web UI got in unrecoverable state during "'+error.phase+'" phase.</p>');
+ details.append($('<p/>', { text: 'Web UI got in unrecoverable state during "' + error.phase + '" phase' }));
 if (error.name) window.console.error(error.name);
 if (error.results) {
 var msg = error.results.message;
diff --git a/install/ui/src/freeipa/facet.js b/install/ui/src/freeipa/facet.js
index 43627d9d5..b0121c75f 100644
--- a/install/ui/src/freeipa/facet.js
+++ b/install/ui/src/freeipa/facet.js
@@ -895,12 +895,12 @@ exp.facet = IPA.facet = function(spec, no_init) {
 title = title.replace('${error}', error_thrown.name);
 that.error_container.empty();
- that.error_container.append('<h1>'+title+'</h1>');
+ that.error_container.append($('<h1/>', { text: title }));
 var details = $('<div/>', { 'class': 'error-details' }).appendTo(that.error_container);
- details.append('<p>'+error_thrown.message+'</p>');
+ details.append($('<p/>', { text: error_thrown.message }));
 $('<div/>', { text: text.get('@i18n:error_report.options')
@@ -932,7 +932,9 @@ exp.facet = IPA.facet = function(spec, no_init) {
 }
 );
- that.error_container.append('<p>'+text.get('@i18n:error_report.problem_persists')+'</p>');
+ that.error_container.append($('<p/>', {
+ text: text.get('@i18n:error_report.problem_persists')
+ }));
 that.show_error();
 };
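Review bot: The new `<p>` in the Application_controller.js hunk silently changes the user-visible wording as a side effect of the escaping fix: the old markup ended the sentence with `phase.</p>` and the new `text:` value ends with `'" phase'`, so the trailing period is lost. Keep the message identical to the old one, `text: 'Web UI got in unrecoverable state during "' + error.phase + '" phase.'`, so the security fix does not carry an unrelated string change. The `$('<h1/>', { text: name })` form is the right fix for `name`; the only remaining raw sink in this hunk is `window.console.error(error.name)`, which is not rendered into the page. The enclosing function starts and ends outside the hunk.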
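Review bot: The `@i18n:error_report.problem_persists` message in the second facet.js hunk is now inserted via `text:`, so any markup a translation might carry (a link to the bug tracker, for example) will be shown literally instead of rendered; that is the right trade-off for CVE-2014-7850 but it is not obvious from the hunk and will surprise whoever next edits the translations. Add a comment above the append, `// i18n strings are inserted as text, not HTML: markup in translations is shown literally`. This matches how `@i18n:error_report.options` is already inserted a few lines earlier in the same function. The enclosing `exp.facet` function runs well beyond this hunk.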
@@ -1214,7 +1216,7 @@ exp.facet_header = IPA.facet_header = function(spec) {
 click: item.handler
 }).appendTo(bc_item);
 } else {
- bc_item.append(item.text);
+ bc_item.text(item.text);
 }
 return bc_item;
 };
@@ -1823,7 +1825,7 @@ exp.table_facet = IPA.table_facet = function(spec, no_init) {
 function(xhr, text_status, error_thrown) {
 that.load_records([]);
 var summary = that.table.summary.empty();
- summary.append(error_thrown.name+': '+error_thrown.message);
+ summary.text(error_thrown.name+': '+error_thrown.message);
 }
 );
 };
diff --git a/install/ui/src/freeipa/ipa.js b/install/ui/src/freeipa/ipa.js
index 6d3aeaaaa..137f11e83 100644
--- a/install/ui/src/freeipa/ipa.js
+++ b/install/ui/src/freeipa/ipa.js
@@ -1133,6 +1133,7 @@ IPA.notify = function(message, type, timeout) {
 if (typeof message === 'string') {
 message = text.get(message);
+ message = document.createTextNode(message);
 }
 var notification_area = $('#notification .notification-area');
diff --git a/install/ui/src/freeipa/rule.js b/install/ui/src/freeipa/rule.js
index 8a2b01963..706827190 100644
--- a/install/ui/src/freeipa/rule.js
+++ b/install/ui/src/freeipa/rule.js
@@ -91,7 +91,7 @@ IPA.rule_radio_widget = function(spec) {
 var param_info = IPA.get_entity_param(that.entity.name, that.name);
 var title = param_info ? param_info.doc : that.name;
- container.append(title + ': ');
+ container.append(document.createTextNode(title + ': '));
 that.widget_create(container);
 that.owb_create(container);
 if (that.undo) {
diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js
index 9240df8ef..1ef1a2bf2 100644
--- a/install/ui/src/freeipa/widget.js
+++ b/install/ui/src/freeipa/widget.js
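Review bot: In the facet_header hunk, `bc_item.text(item.text)` is not a drop-in for `bc_item.append(item.text)`: `.text()` replaces everything already inside the breadcrumb item, while `.append()` added to it. The `if` branch just above appends an anchor to `bc_item`, so the element is at least sometimes populated before this point; presumably on the `else` branch it is still empty, but I cannot confirm that from the hunk. The form that is both safe and equivalent is `bc_item.append(document.createTextNode(item.text));`, which is also the pattern the rule.js hunk in this same commit uses. The enclosing `exp.facet_header` function starts outside the hunk.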
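Review bot: In the ipa.js hunk only string messages are turned into a text node; a non-string `message` passes through `IPA.notify` untouched to whatever appends it below the hunk, so callers that build their own message still carry the escaping burden, and nothing in the code says so. Add a comment above the `if`: `// string messages (i18n keys or plain text) are inserted as text nodes; anything else is appended as-is and must already be safe to render`. The conversion also assumes `text.get(message)` returns a string; if it can return something else, `createTextNode` will stringify it — confirm against the `text` module. `IPA.notify` continues past the hunk.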
@@ -4166,8 +4166,8 @@ IPA.link_widget = function(spec) {
 that.values = util.normalize_value(values);
 that.value = that.values.slice(-1)[0] || '';
- that.link.html(that.value);
- that.nonlink.html(that.value);
+ that.link.text(that.value);
+ that.nonlink.text(that.value);
 that.update_link();
 that.check_entity_link();
 that.on_value_changed(values); |