From a1d4f412181423cb3883650e033b9fb5b415bd83 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvoborni@redhat.com>
Date: Mon, 10 Nov 2014 16:24:15 +0100
Subject: [PATCH] webui: fix potential XSS vulnerabilities
Escape user defined text to prevent XSS attacks. Extra precaution was taken
to also escape parts that are unlikely to contain user-defined text.
fixes CVE-2014-7850
https://fedorahosted.org/freeipa/ticket/4742
Reviewed-By: Tomas Babej <tbabej@redhat.com>
---
install/ui/src/freeipa/Application_controller.js | 4 ++--
install/ui/src/freeipa/facet.js | 12 +++++++-----
install/ui/src/freeipa/ipa.js | 1 +
install/ui/src/freeipa/rule.js | 2 +-
install/ui/src/freeipa/widget.js | 4 ++--
5 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/install/ui/src/freeipa/Application_controller.js b/install/ui/src/freeipa/Application_controller.js
index 094bd3da7c4806a316ebe2589b98a523410f4a5f..4bf76f8f56a8e34e330c35956b8922cc3c8f79e3 100644
--- a/install/ui/src/freeipa/Application_controller.js
+++ b/install/ui/src/freeipa/Application_controller.js
@@ -252,12 +252,12 @@ define([
var error_container = $('', {
'class': 'container facet-content facet-error'
}).appendTo($('.app-container .content').empty());
- error_container.append(''+name+'');
+ error_container.append($('', { text: name }));
var details = $('', {
'class': 'error-details'
}).appendTo(error_container);
- details.append(' Web UI got in unrecoverable state during "'+error.phase+'" phase. ');
+ details.append($('', { text: 'Web UI got in unrecoverable state during "' + error.phase + '" phase' }));
if (error.name) window.console.error(error.name);
if (error.results) {
var msg = error.results.message;
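Review bot: The `msg` taken from `error.results.message` on the last context line is rendered below this hunk, so its sink is not covered by the two `{ text: … }` conversions made above; `results.message` is server-supplied text, so that sink needs the same treatment — the `$(tag, { text: msg })` form used on the changed lines, or `document.createTextNode(msg)` — rather than string concatenation into `.append()`. Also worth confirming: jQuery only treats the second argument of `$(html, props)` as a property map when the first is a single-tag HTML string, and the diff as rendered here shows `$('', { text: name })`, which would yield an empty set and drop the text; presumably the tag literal was stripped by the page and survives in the real source. The enclosing function starts before this hunk and continues after it.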
diff --git a/install/ui/src/freeipa/facet.js b/install/ui/src/freeipa/facet.js
index 43627d9d531ed700ff780a0773451eaf17b1cbdd..b0121c75fd584988883a3b5f7d1665a985a321fd 100644
--- a/install/ui/src/freeipa/facet.js
+++ b/install/ui/src/freeipa/facet.js
@@ -895,12 +895,12 @@ exp.facet = IPA.facet = function(spec, no_init) {
title = title.replace('${error}', error_thrown.name);
that.error_container.empty();
- that.error_container.append(''+title+'');
+ that.error_container.append($('', { text: title }));
var details = $('', {
'class': 'error-details'
}).appendTo(that.error_container);
- details.append(''+error_thrown.message+' ');
+ details.append($('', { text: error_thrown.message }));
$('', {
text: text.get('@i18n:error_report.options')
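Review bot: The first context line, `title = title.replace('${error}', error_thrown.name);`, passes the error name as a plain replacement string, so `String.prototype.replace` expands `$&`, `` $` ``, `$'` and `$$` sequences found in `error_thrown.name` into pieces of the surrounding title. Now that the title is inserted via `{ text: title }` this is no longer script injection, but an attacker-influenced error name can still garble or duplicate the heading text; a function replacement inserts the name verbatim: `title = title.replace('${error}', function () { return error_thrown.name; });`. The enclosing error handler starts before this hunk and continues after it.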
@@ -932,7 +932,9 @@ exp.facet = IPA.facet = function(spec, no_init) {
}
);
- that.error_container.append(''+text.get('@i18n:error_report.problem_persists')+' ');
+ that.error_container.append($('', {
+ text: text.get('@i18n:error_report.problem_persists')
+ }));
that.show_error();
};
@@ -1214,7 +1216,7 @@ exp.facet_header = IPA.facet_header = function(spec) {
click: item.handler
}).appendTo(bc_item);
} else {
- bc_item.append(item.text);
+ bc_item.text(item.text);
}
return bc_item;
};
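Review bot: `bc_item.text(item.text)` on the new line replaces the entire content of `bc_item`, whereas the `bc_item.append(item.text)` it supersedes added to it; if `bc_item` is created empty just above this hunk the result is identical, but if it already holds children at this point (a separator or icon, say) they are silently discarded. `bc_item.append(document.createTextNode(item.text));` keeps the append semantics and still escapes. The `if` branch above builds the link with `click: item.handler`, and the property that sets its label is outside the hunk — it deserves the same `text:` rather than `html:` check. The enclosing function starts before this hunk.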
@@ -1823,7 +1825,7 @@ exp.table_facet = IPA.table_facet = function(spec, no_init) {
function(xhr, text_status, error_thrown) {
that.load_records([]);
var summary = that.table.summary.empty();
- summary.append(error_thrown.name+': '+error_thrown.message);
+ summary.text(error_thrown.name+': '+error_thrown.message);
}
);
};
diff --git a/install/ui/src/freeipa/ipa.js b/install/ui/src/freeipa/ipa.js
index 6d3aeaaaaca11dfdaf20935e5c9084c9ed106e6c..137f11e832ff8d0b6dd1b50060f8537c7b117616 100644
--- a/install/ui/src/freeipa/ipa.js
+++ b/install/ui/src/freeipa/ipa.js
@@ -1133,6 +1133,7 @@ IPA.notify = function(message, type, timeout) {
if (typeof message === 'string') {
message = text.get(message);
+ message = document.createTextNode(message);
}
var notification_area = $('#notification .notification-area');
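Review bot: The new `document.createTextNode(message)` only runs inside the `typeof message === 'string'` branch, so any non-string `message` (presumably a jQuery object or DOM node built by the caller) reaches the notification area below unchanged, and escaping for that case becomes every caller's responsibility. That is a workable contract, but it is invisible here and should be stated next to the branch: `// Non-string messages are inserted as-is: callers must build them with .text()/createTextNode, never from raw HTML strings.` The rest of `IPA.notify`, including the actual insertion into `notification_area`, lies outside this hunk.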
diff --git a/install/ui/src/freeipa/rule.js b/install/ui/src/freeipa/rule.js
index 8a2b01963b74e1892ac15127ae0050b35fe6ac27..706827190261efda136f6d1489bdb13543c00f7a 100644
--- a/install/ui/src/freeipa/rule.js
+++ b/install/ui/src/freeipa/rule.js
@@ -91,7 +91,7 @@ IPA.rule_radio_widget = function(spec) {
var param_info = IPA.get_entity_param(that.entity.name, that.name);
var title = param_info ? param_info.doc : that.name;
- container.append(title + ': ');
+ container.append(document.createTextNode(title + ': '));
that.widget_create(container);
that.owb_create(container);
if (that.undo) {
diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js
index 9240df8ef5402310ec9ceafd0b766def10c8cb48..1ef1a2bf22b735edcfcca44cfc1e69bc8d36a740 100644
--- a/install/ui/src/freeipa/widget.js
+++ b/install/ui/src/freeipa/widget.js
@@ -4166,8 +4166,8 @@ IPA.link_widget = function(spec) {
that.values = util.normalize_value(values);
that.value = that.values.slice(-1)[0] || '';
- that.link.html(that.value);
- that.nonlink.html(that.value);
+ that.link.text(that.value);
+ that.nonlink.text(that.value);
that.update_link();
that.check_entity_link();
that.on_value_changed(values);
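Review bot: Switching `that.link` and `that.nonlink` to `.text()` fixes the displayed value, but the same `that.value` is then consumed by `update_link()` and `check_entity_link()` on the following lines, whose bodies lie outside this hunk and, judging by the widget's name, build the link target from it; confirm that path encodes the value when it is placed into a hash or URL (`encodeURIComponent(that.value)`) rather than concatenating it, since the value is user-controlled directory data. A one-line comment above `that.update_link();` — `// value is user data: update_link must URL-encode it, text() above only covers the label` — would record where the remaining responsibility sits. The enclosing method starts before this hunk.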
--
2.1.0