From 0ea69b1312a8a1b8d7aef1431a010bf945466e5a Mon Sep 17 00:00:00 2001 From: Jared Tabor Date: Tue, 31 Mar 2015 16:19:05 -0400 Subject: [PATCH 1/2] removing aw-tooltip-ellipses this was an unused directive that needs to be removed --- awx/ui/static/js/lists/CompletedJobs.js | 3 +- awx/ui/static/js/lists/QueuedJobs.js | 3 +- awx/ui/static/js/lists/RunningJobs.js | 3 +- awx/ui/static/js/shared/directives.js | 39 -------------------- awx/ui/static/js/shared/generator-helpers.js | 6 --- 5 files changed, 3 insertions(+), 51 deletions(-) diff --git a/awx/ui/static/js/lists/CompletedJobs.js b/awx/ui/static/js/lists/CompletedJobs.js index dc7fc5e3a0..fea6d78ada 100644 --- a/awx/ui/static/js/lists/CompletedJobs.js +++ b/awx/ui/static/js/lists/CompletedJobs.js @@ -70,8 +70,7 @@ export default label: 'Name', columnClass: 'col-md-3 col-sm-4 col-xs-4', ngClick: "viewJobLog(completed_job.id, completed_job.nameHref)", - defaultSearchField: true, - awToolTipEllipses: "{{ completed_job.name }}" + defaultSearchField: true }, failed: { label: 'Job failed?', diff --git a/awx/ui/static/js/lists/QueuedJobs.js b/awx/ui/static/js/lists/QueuedJobs.js index c47d12f393..72ceb16b8e 100644 --- a/awx/ui/static/js/lists/QueuedJobs.js +++ b/awx/ui/static/js/lists/QueuedJobs.js @@ -62,8 +62,7 @@ export default label: 'Name', columnClass: 'col-md-3 col-sm-4 col-xs-4', ngClick: "viewJobLog(queued_job.id, queued_job.nameHref)", - defaultSearchField: true, - awToolTipEllipses: "{{ queued_job.name }}" + defaultSearchField: true } }, diff --git a/awx/ui/static/js/lists/RunningJobs.js b/awx/ui/static/js/lists/RunningJobs.js index 81951cb114..f66361cf35 100644 --- a/awx/ui/static/js/lists/RunningJobs.js +++ b/awx/ui/static/js/lists/RunningJobs.js @@ -63,8 +63,7 @@ export default label: 'Name', columnClass: 'col-md-3 col-sm-4 col-xs-4', ngClick: "viewJobLog(running_job.id, running_job.nameHref)", - defaultSearchField: true, - awToolTipEllipses: "{{ running_job.name }}" + defaultSearchField: true } }, 
diff --git a/awx/ui/static/js/shared/directives.js b/awx/ui/static/js/shared/directives.js index c131dc1a1f..4e6b5d3951 100644 --- a/awx/ui/static/js/shared/directives.js +++ b/awx/ui/static/js/shared/directives.js @@ -449,45 +449,6 @@ angular.module('AWDirectives', ['RestServices', 'Utilities', 'AuthService', 'Job }; }]) - /* - * This is a copy of awToolTip currently. - * TODO: only display these tool tips if the length of the anchor *as interpolated* to be larger than the table cell - */ - .directive('awToolTipEllipses', [ function() { - return { - link: function(scope, element, attrs) { - - var delay = (attrs.delay !== undefined && attrs.delay !== null) ? attrs.delay : ($AnsibleConfig) ? $AnsibleConfig.tooltip_delay : {show: 500, hide: 100}, - placement; - - if (attrs.awTipPlacement) { - placement = attrs.awTipPlacement; - } - else { - placement = (attrs.placement !== undefined && attrs.placement !== null) ? attrs.placement : 'left'; - } - - $(element).on('hidden.bs.tooltip', function( ) { - // TB3RC1 is leaving behind tooltip
elements. This will remove them - // after a tooltip fades away. If not, they lay overtop of other elements and - // honk up the page. - $('.tooltip').each(function() { - $(this).remove(); - }); - }); - - $(element).tooltip({ - placement: placement, - delay: delay, - html: true, - title: attrs.awToolTipEllipses, - container: 'body', - trigger: 'hover focus' - }); - } - }; - }]) - /* * Enable TB pop-overs. To add a pop-over to an element, include the following directive in * the element's attributes: diff --git a/awx/ui/static/js/shared/generator-helpers.js b/awx/ui/static/js/shared/generator-helpers.js index 25f7324833..fdb584cd8b 100644 --- a/awx/ui/static/js/shared/generator-helpers.js +++ b/awx/ui/static/js/shared/generator-helpers.js @@ -442,12 +442,6 @@ angular.module('GeneratorHelpers', [systemStatus.name]) html += (field.dataTipWatch) ? Attr(field, 'dataTipWatch') : ""; html += (field.awTipPlacement) ? Attr(field, 'awTipPlacement') : ""; } - if (field.awToolTipEllipses) { - html += Attr(field, 'awToolTipEllipses'); - html += (field.dataPlacement && !field.awPopOver) ? Attr(field, 'dataPlacement') : ""; - html += (field.dataTipWatch) ? Attr(field, 'dataTipWatch') : ""; - html += (field.awTipPlacement) ? Attr(field, 'awTipPlacement') : ""; - } if (field.awPopOver) { html += "aw-pop-over=\"" + field.awPopOver + "\" "; html += (field.dataPlacement) ? "data-placement=\"" + field.dataPlacement + "\" " : ""; From fa27d7de938ded2495a22cee8c54af2f1f618eff Mon Sep 17 00:00:00 2001 
From: Jared Tabor Date: Thu, 2 Apr 2015 13:32:21 -0400 Subject: [PATCH 2/2] adding sanitizer filter for app I'm adding a sanitize filter to be used whenever we want to escape tags that are generated from user input. In addition, I created a filters folder and a filter file that imports filters into the app --- awx/ui/static/js/app.js | 1 + awx/ui/static/js/filters.js | 5 +++++ awx/ui/static/js/filters/sanitize/xss-sanitizer.filter.js | 6 ++++++ awx/ui/static/js/lists/CompletedJobs.js | 6 ++++-- awx/ui/static/js/lists/QueuedJobs.js | 6 ++++-- awx/ui/static/js/lists/RunningJobs.js | 6 ++++-- awx/ui/static/js/lists/ScheduledJobs.js | 4 ++-- awx/ui/static/js/shared/directives.js | 5 +---- 8 files changed, 27 insertions(+), 12 deletions(-) create mode 100644 awx/ui/static/js/filters.js create mode 100644 awx/ui/static/js/filters/sanitize/xss-sanitizer.filter.js diff --git a/awx/ui/static/js/app.js b/awx/ui/static/js/app.js index 12ee00cba3..35a07963c8 100644 --- a/awx/ui/static/js/app.js +++ b/awx/ui/static/js/app.js @@ -22,6 +22,7 @@ import 'tower/forms'; import 'tower/lists'; import 'tower/widgets'; import 'tower/help'; +import 'tower/filters'; import {Home, HomeGroups, HomeHosts} from 'tower/controllers/Home'; import {SocketsController} from 'tower/controllers/Sockets'; import {Authenticate} from 'tower/controllers/Authentication'; diff --git a/awx/ui/static/js/filters.js b/awx/ui/static/js/filters.js new file mode 100644 index 0000000000..ecf681eeee --- /dev/null +++ b/awx/ui/static/js/filters.js @@ -0,0 +1,5 @@ +import sanitizeFilters from 'tower/filters/sanitize/xss-sanitizer.filter'; + +export { + sanitizeFilters +}; diff --git a/awx/ui/static/js/filters/sanitize/xss-sanitizer.filter.js b/awx/ui/static/js/filters/sanitize/xss-sanitizer.filter.js new file mode 100644 index 0000000000..40689805d1 --- /dev/null +++ b/awx/ui/static/js/filters/sanitize/xss-sanitizer.filter.js 
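Review bot: `import sanitizeFilters from 'tower/filters/sanitize/xss-sanitizer.filter'` is a default import, but the six lines this patch adds for that file contain no `export default`, so `sanitizeFilters` is probably undefined and the re-export here carries nothing. The filter most likely still registers as a side effect of loading the file, which would explain why the list modules can depend on `'sanitizeFilter'`. Either begin the filter file with `export default angular.module('sanitizeFilter', [])`, as the list definitions do, or reduce this file to a bare `import 'tower/filters/sanitize/xss-sanitizer.filter';`.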
@@ -0,0 +1,6 @@ +angular.module('sanitizeFilter', []).filter('sanitize', function() { + return function(input) { + input = input.replace(//g, ">"); + return input; + }; +}); diff --git a/awx/ui/static/js/lists/CompletedJobs.js b/awx/ui/static/js/lists/CompletedJobs.js index fea6d78ada..98dd70d6a1 100644 --- a/awx/ui/static/js/lists/CompletedJobs.js +++ b/awx/ui/static/js/lists/CompletedJobs.js @@ -9,7 +9,7 @@ export default - angular.module('CompletedJobsDefinition', []) + angular.module('CompletedJobsDefinition', ['sanitizeFilter']) .value( 'CompletedJobsList', { name: 'completed_jobs', @@ -70,7 +70,9 @@ export default label: 'Name', columnClass: 'col-md-3 col-sm-4 col-xs-4', ngClick: "viewJobLog(completed_job.id, completed_job.nameHref)", - defaultSearchField: true + defaultSearchField: true, + awToolTip: "{{ completed_job.name | sanitize }}", + dataPlacement: 'top' }, failed: { label: 'Job failed?', diff --git a/awx/ui/static/js/lists/QueuedJobs.js b/awx/ui/static/js/lists/QueuedJobs.js index 72ceb16b8e..3bc7533127 100644 --- a/awx/ui/static/js/lists/QueuedJobs.js +++ b/awx/ui/static/js/lists/QueuedJobs.js @@ -9,7 +9,7 @@ export default - angular.module('QueuedJobsDefinition', []) + angular.module('QueuedJobsDefinition', ['sanitizeFilter']) .value( 'QueuedJobsList', { name: 'queued_jobs', @@ -62,7 +62,9 @@ export default label: 'Name', columnClass: 'col-md-3 col-sm-4 col-xs-4', ngClick: "viewJobLog(queued_job.id, queued_job.nameHref)", - defaultSearchField: true + defaultSearchField: true, + awToolTip: "{{ queued_job.name | sanitize }}", + awTipPlacement: "top" } }, diff --git a/awx/ui/static/js/lists/RunningJobs.js b/awx/ui/static/js/lists/RunningJobs.js index f66361cf35..f4e8d656fa 100644 --- a/awx/ui/static/js/lists/RunningJobs.js +++ b/awx/ui/static/js/lists/RunningJobs.js 
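Review bot: The filter calls `input.replace` unconditionally, so a binding that is `undefined`, `null` or a number when the interpolation is evaluated (for instance a job name before the row data arrives) throws inside the digest instead of yielding an empty tooltip. The replace expression is partly garbled on this page; as far as it can be read, it rewrites only the angle brackets. That leaves `&` and both quote characters untouched, which matters as soon as the filter is reused for a value that ends up inside an attribute. The version below coerces the input and encodes all five characters in a single pass, so the `&` of an inserted entity is never encoded again.

```javascript
angular.module('sanitizeFilter', []).filter('sanitize', function() {
    var ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
    return function(input) {
        // Bindings may be unset or non-string while the list is still loading.
        if (input === undefined || input === null) {
            return '';
        }
        return String(input).replace(/[&<>"']/g, function(ch) {
            return ENTITIES[ch];
        });
    };
});
```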
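Review bot: The tooltip placement is spelled two ways in this patch: the CompletedJobs name column adds `dataPlacement: 'top'`, while the QueuedJobs and RunningJobs hunks add `awTipPlacement: "top"` for the same column. Both may resolve to the same position, but using one key and one quote style across the three job lists keeps the definitions comparable. The ScheduledJobs hunk also writes `| sanitize}}` without the space before the closing braces that the other three use.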
@@ -9,7 +9,7 @@ export default - angular.module('RunningJobsDefinition', []) + angular.module('RunningJobsDefinition', ['sanitizeFilter']) .value( 'RunningJobsList', { name: 'running_jobs', @@ -63,7 +63,9 @@ export default label: 'Name', columnClass: 'col-md-3 col-sm-4 col-xs-4', ngClick: "viewJobLog(running_job.id, running_job.nameHref)", - defaultSearchField: true + defaultSearchField: true, + awToolTip: "{{ running_job.name | sanitize }}", + awTipPlacement: "top" } }, diff --git a/awx/ui/static/js/lists/ScheduledJobs.js b/awx/ui/static/js/lists/ScheduledJobs.js index e8c8628342..08d470af43 100644 --- a/awx/ui/static/js/lists/ScheduledJobs.js +++ b/awx/ui/static/js/lists/ScheduledJobs.js @@ -9,7 +9,7 @@ export default - angular.module('ScheduledJobsDefinition', []) + angular.module('ScheduledJobsDefinition', ['sanitizeFilter']) .value( 'ScheduledJobsList', { name: 'schedules', @@ -62,7 +62,7 @@ export default sourceModel: 'unified_job_template', sourceField: 'name', ngClick: "editSchedule(schedule.id)", - awToolTip: "{{ schedule.nameTip }}", + awToolTip: "{{ schedule.nameTip | sanitize}}", dataPlacement: "top", defaultSearchField: true } diff --git a/awx/ui/static/js/shared/directives.js b/awx/ui/static/js/shared/directives.js index 4e6b5d3951..93b27bdd51 100644 --- a/awx/ui/static/js/shared/directives.js +++ b/awx/ui/static/js/shared/directives.js @@ -402,7 +402,7 @@ angular.module('AWDirectives', ['RestServices', 'Utilities', 'AuthService', 'Job * Include the standard TB data-XXX attributes to controll a tooltip's appearance. We will * default placement to the left and delay to the config setting. */ - .directive('awToolTip', ['$sce', function($sce) { + .directive('awToolTip', [ function() { return { link: function(scope, element, attrs) { var delay = (attrs.delay !== undefined && attrs.delay !== null) ? attrs.delay : ($AnsibleConfig) ? $AnsibleConfig.tooltip_delay : {show: 500, hide: 100}, 
@@ -423,9 +423,6 @@ angular.module('AWDirectives', ['RestServices', 'Utilities', 'AuthService', 'Job }); }); - attrs.awToolTip = attrs.awToolTip.replace(//g, ">"); - attrs.awToolTip = $sce.getTrustedHtml(attrs.awToolTip); $(element).tooltip({ placement: placement, delay: delay,
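Review bot: Together with the `$sce` removal in the previous hunk, these deleted lines appear to take the escaping out of `awToolTip` itself, so a tooltip is now escaped only where a list definition remembers to append `| sanitize`. The patch updates four lists; any other `awToolTip` binding fed by user-editable fields (none are visible in this diff) would now reach the Bootstrap tooltip as written, which is an issue if the directive passes `html: true` the way the removed awToolTipEllipses copy did. A safer default is to keep the escaping in the directive and let callers opt out explicitly for trusted markup. At minimum the directive's header comment should state the contract, for example `* Tooltip text is rendered as HTML; pipe user-supplied values through the sanitize filter.` The link function starts and ends outside this hunk, so the tooltip options could not be checked here.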