mirror of
https://github.com/ansible/awx.git
synced 2026-07-05 05:18:02 -02:30
Survey maker/taker html tag injection
Fixed a defect in which the user could inject html tags into the survey maker, which could in turn show up in survey taker.
This commit is contained in:
@@ -446,6 +446,11 @@ function($location, Wait, GetBasePath, LookUpInit, JobTemplateForm, CredentialLi
|
||||
|
||||
function buildHtml(question, index){
|
||||
question.index = index;
|
||||
question.question_name = question.question_name.replace(/</g, "<");
|
||||
question.question_name = question.question_name.replace(/>/g, ">");
|
||||
question.question_description = (question.question_description) ? question.question_description.replace(/</g, "<") : undefined;
|
||||
question.question_description = (question.question_description) ? question.question_description.replace(/>/g, ">") : undefined;
|
||||
|
||||
|
||||
requiredAsterisk = (question.required===true) ? "prepend-asterisk" : "";
|
||||
requiredClasses = (question.required===true) ? "ng-pristine ng-invalid-required ng-invalid" : "";
|
||||
@@ -456,6 +461,9 @@ function($location, Wait, GetBasePath, LookUpInit, JobTemplateForm, CredentialLi
|
||||
if(!Empty(question.question_description)){
|
||||
html += '<div class="survey_taker_description"><i>'+question.question_description+'</i></div>\n';
|
||||
}
|
||||
|
||||
question.default = (question.default) ? question.default.replace(/</g, "<") : undefined;
|
||||
question.default = (question.default) ? question.default.replace(/>/g, ">") : undefined;
|
||||
scope[question.variable] = question.default;
|
||||
|
||||
if(question.type === 'text' ){
|
||||
@@ -493,6 +501,8 @@ function($location, Wait, GetBasePath, LookUpInit, JobTemplateForm, CredentialLi
|
||||
html+='<div class="survey_taker_input" > ';
|
||||
for( j = 0; j<choices.length; j++){
|
||||
checked = (!Empty(question.default) && question.default.indexOf(choices[j])!==-1) ? "checked" : "";
|
||||
choices[j] = choices[j].replace(/</g, "<");
|
||||
choices[j] = choices[j].replace(/>/g, ">");
|
||||
html+= '<input type="'+element+'" class="mc" ng-model="'+question.variable+'" ng-required="'+question.required+'" name="'+question.variable+ ' " id="'+question.variable+'" value=" '+choices[j]+' " '+checked+' >' +
|
||||
'<span>'+choices[j] +'</span><br>' ;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user