mirror of
https://github.com/ansible/awx.git
synced 2026-01-13 11:00:03 -03:30
Merge pull request #21 from mabashian/7254-xss
xss tooltip vulnerability fixes
This commit is contained in:
Michael Abashian
GitHub
commit
b9b37f4ca9
@ -7,10 +7,10 @@
|
||||
/* jshint unused: vars */
|
||||
export default ['$compile', 'i18n', 'generateList',
|
||||
'ProjectList', 'TemplateList', 'InventoryList', 'CredentialList',
|
||||
'OrganizationList',
|
||||
'OrganizationList', '$window',
|
||||
function($compile, i18n, generateList,
|
||||
ProjectList, TemplateList, InventoryList, CredentialList,
|
||||
OrganizationList) {
|
||||
OrganizationList, $window) {
|
||||
return {
|
||||
restrict: 'E',
|
||||
scope: {
|
||||
@ -42,6 +42,7 @@ export default ['$compile', 'i18n', 'generateList',
|
||||
name: list.fields.name,
|
||||
scm_type: list.fields.scm_type
|
||||
};
|
||||
list.fields.name.ngClick = 'linkoutResource("project", project)';
|
||||
list.fields.name.columnClass = 'col-md-5 col-sm-5 col-xs-10';
|
||||
list.fields.scm_type.columnClass = 'col-md-5 col-sm-5 hidden-xs';
|
||||
break;
|
||||
@ -50,6 +51,7 @@ export default ['$compile', 'i18n', 'generateList',
|
||||
name: list.fields.name,
|
||||
organization: list.fields.organization
|
||||
};
|
||||
list.fields.name.ngClick = 'linkoutResource("inventory", inventory)';
|
||||
list.fields.name.columnClass = 'col-md-5 col-sm-5 col-xs-10';
|
||||
list.fields.organization.columnClass = 'col-md-5 col-sm-5 hidden-xs';
|
||||
break;
|
||||
@ -60,6 +62,7 @@ export default ['$compile', 'i18n', 'generateList',
|
||||
name: list.fields.name
|
||||
};
|
||||
list.fields.name.columnClass = 'col-md-5 col-sm-5 col-xs-10';
|
||||
list.fields.name.ngClick = 'linkoutResource("job_template", job_template)';
|
||||
break;
|
||||
case 'workflow_templates':
|
||||
list.name = 'workflow_job_templates';
|
||||
@ -68,12 +71,20 @@ export default ['$compile', 'i18n', 'generateList',
|
||||
name: list.fields.name
|
||||
};
|
||||
list.fields.name.columnClass = 'col-md-5 col-sm-5 col-xs-10';
|
||||
list.fields.name.ngClick = 'linkoutResource("workflow_job_template", workflow_job_template)';
|
||||
break;
|
||||
case 'credentials':
|
||||
list.fields = {
|
||||
name: list.fields.name
|
||||
};
|
||||
list.fields.name.ngClick = 'linkoutResource("credential", credential)';
|
||||
list.fields.name.columnClass = 'col-md-5 col-sm-5 col-xs-10';
|
||||
break;
|
||||
case 'organizations':
|
||||
list.fields = {
|
||||
name: list.fields.name
|
||||
};
|
||||
list.fields.name.ngClick = 'linkoutResource("organization", organization)';
|
||||
list.fields.name.columnClass = 'col-md-5 col-sm-5 col-xs-10';
|
||||
break;
|
||||
}
|
||||
@ -126,6 +137,40 @@ export default ['$compile', 'i18n', 'generateList',
|
||||
multiselect_scope[type][deselectedIdx].isSelected = false;
|
||||
};
|
||||
|
||||
scope.linkoutResource = function(type, resource) {
|
||||
|
||||
let url;
|
||||
|
||||
switch(type){
|
||||
case 'project':
|
||||
url = "/#/projects/" + resource.id;
|
||||
break;
|
||||
case 'inventory':
|
||||
url = resource.kind && resource.kind === "smart" ? "/#/inventories/smart/" + resource.id : "/#/inventories/inventory/" + resource.id;
|
||||
break;
|
||||
case 'job_template':
|
||||
url = "/#/templates/job_template/" + resource.id;
|
||||
break;
|
||||
case 'workflow_job_template':
|
||||
url = "/#/templates/workflow_job_template/" + resource.id;
|
||||
break;
|
||||
case 'user':
|
||||
url = "/#/users/" + resource.id;
|
||||
break;
|
||||
case 'team':
|
||||
url = "/#/teams/" + resource.id;
|
||||
break;
|
||||
case 'organization':
|
||||
url = "/#/organizations/" + resource.id;
|
||||
break;
|
||||
case 'credential':
|
||||
url = "/#/credentials/" + resource.id;
|
||||
break;
|
||||
}
|
||||
|
||||
$window.open(url,'_blank');
|
||||
};
|
||||
|
||||
element.append(list_html);
|
||||
$compile(element.contents())(scope);
|
||||
}
|
||||
|
||||
@ -71,7 +71,6 @@ export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateL
|
||||
};
|
||||
list.fields.name.ngClick = 'linkoutResource("job_template", job_template)';
|
||||
list.fields.name.columnClass = 'col-md-6 col-sm-6 col-xs-11';
|
||||
list.fields.name.ngHref = '#/templates/job_template/{{job_template.id}}';
|
||||
break;
|
||||
|
||||
case 'WorkflowTemplates':
|
||||
@ -83,7 +82,6 @@ export default ['addPermissionsTeamsList', 'addPermissionsUsersList', 'TemplateL
|
||||
};
|
||||
list.fields.name.ngClick = 'linkoutResource("workflow_job_template", workflow_template)';
|
||||
list.fields.name.columnClass = 'col-md-6 col-sm-6 col-xs-11';
|
||||
list.fields.name.ngHref = '#/templates/workflow_job_template/{{workflow_template.id}}';
|
||||
break;
|
||||
case 'Users':
|
||||
list.fields = {
|
||||
|
||||
@ -21,7 +21,7 @@ export default ['i18n', function(i18n){
|
||||
label: i18n._('Name'),
|
||||
columnClass: 'col-md-3 col-sm-9 col-xs-9',
|
||||
modalColumnClass: 'col-md-8',
|
||||
awToolTip: '{{credential_type.description}}',
|
||||
awToolTip: '{{credential_type.description | sanitize}}',
|
||||
dataPlacement: 'top'
|
||||
},
|
||||
kind: {
|
||||
|
||||
@ -26,7 +26,7 @@ export default ['i18n', function(i18n) {
|
||||
label: i18n._('Name'),
|
||||
columnClass: 'col-md-3 col-sm-9 col-xs-9',
|
||||
modalColumnClass: 'col-md-12',
|
||||
awToolTip: '{{credential.description}}',
|
||||
awToolTip: '{{credential.description | sanitize}}',
|
||||
dataPlacement: 'top'
|
||||
},
|
||||
kind: {
|
||||
|
||||
@ -47,7 +47,7 @@ export default ['i18n', function(i18n) {
|
||||
label: i18n._('Name'),
|
||||
columnClass: 'col-md-4 col-sm-3 col-xs-6 List-staticColumnAdjacent',
|
||||
modalColumnClass: 'col-md-12',
|
||||
awToolTip: "{{ inventory.description }}",
|
||||
awToolTip: "{{ inventory.description | sanitize }}",
|
||||
awTipPlacement: "top",
|
||||
ngClick: 'editInventory(inventory)'
|
||||
},
|
||||
|
||||
@ -20,7 +20,7 @@ export default ['i18n', function(i18n){
|
||||
label: i18n._('Name'),
|
||||
columnClass: 'col-md-3 col-sm-9 col-xs-9',
|
||||
modalColumnClass: 'col-md-8',
|
||||
awToolTip: '{{inventory_script.description}}',
|
||||
awToolTip: '{{inventory_script.description | sanitize}}',
|
||||
dataPlacement: 'top'
|
||||
},
|
||||
organization: {
|
||||
|
||||
@ -16,7 +16,7 @@ export default function(){
|
||||
name: {
|
||||
label: 'Name',
|
||||
columnClass: 'col-sm-4 col-xs-4',
|
||||
awToolTip: '{{configure_job.description}}',
|
||||
awToolTip: '{{configure_job.description | sanitize}}',
|
||||
dataPlacement: 'top'
|
||||
}
|
||||
},
|
||||
|
||||
@ -32,7 +32,7 @@ export default ['i18n', function(i18n){
|
||||
label: i18n._('Name'),
|
||||
columnClass: 'col-md-3 col-sm-9 col-xs-9',
|
||||
linkTo: '/#/notification_templates/{{notification_template.id}}',
|
||||
awToolTip: '{{notification_template.description}}',
|
||||
awToolTip: '{{notification_template.description | sanitize}}',
|
||||
dataPlacement: 'top'
|
||||
},
|
||||
notification_type: {
|
||||
|
||||
@ -52,7 +52,7 @@
|
||||
ng-repeat="card in orgCards track by card.id">
|
||||
<div class="OrgCards-header">
|
||||
<h3 class="OrgCards-label"
|
||||
aw-tool-tip="{{ card.description || 'Place organization description here' }}"
|
||||
aw-tool-tip="{{ (card.description || 'Place organization description here') | sanitize }}"
|
||||
aw-tip-placement="top">
|
||||
{{ card.name }}
|
||||
</h3>
|
||||
|
||||
@ -22,7 +22,7 @@ export default [function() {
|
||||
key: true,
|
||||
label: 'Name',
|
||||
columnClass: 'col-lg-4 col-md-6 col-sm-8 col-xs-8',
|
||||
awToolTip: '{{organization.description}}',
|
||||
awToolTip: '{{organization.description | sanitize}}',
|
||||
dataPlacement: 'top'
|
||||
},
|
||||
},
|
||||
|
||||
@ -23,7 +23,7 @@ export default ['i18n', function(i18n) {
|
||||
label: i18n._('Name'),
|
||||
columnClass: 'col-lg-5 col-md-5 col-sm-9 col-xs-8',
|
||||
linkTo: '/#/templates/job_template/{{job_template.id}}',
|
||||
awToolTip: '{{job_template.description}}',
|
||||
awToolTip: '{{job_template.description | sanitize}}',
|
||||
dataPlacement: 'top'
|
||||
}
|
||||
},
|
||||
|
||||
@ -37,7 +37,7 @@ export default ['i18n', function(i18n) {
|
||||
label: i18n._('Name'),
|
||||
columnClass: "col-lg-4 col-md-4 col-sm-5 col-xs-7 List-staticColumnAdjacent",
|
||||
modalColumnClass: 'col-md-8',
|
||||
awToolTip: '{{project.description}}',
|
||||
awToolTip: '{{project.description | sanitize}}',
|
||||
dataPlacement: 'top'
|
||||
},
|
||||
scm_type: {
|
||||
|
||||
@ -23,7 +23,7 @@ export default ['i18n', function(i18n) {
|
||||
label: i18n._('Name'),
|
||||
columnClass: 'col-lg-3 col-md-4 col-sm-9 col-xs-9',
|
||||
modalColumnClass: 'col-md-8',
|
||||
awToolTip: '{{team.description}}',
|
||||
awToolTip: '{{team.description | sanitize}}',
|
||||
dataPlacement: 'top'
|
||||
},
|
||||
organization: {
|
||||
|
||||
@ -24,7 +24,7 @@ export default ['i18n', function(i18n) {
|
||||
label: i18n._('Name'),
|
||||
columnClass: 'col-lg-2 col-md-2 col-sm-4 col-xs-9',
|
||||
ngHref: '#/templates/{{template.type}}/{{template.id}}',
|
||||
awToolTip: '{{template.description}}',
|
||||
awToolTip: '{{template.description | sanitize}}',
|
||||
dataPlacement: 'top'
|
||||
},
|
||||
type: {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user