Scrubbing delete modals for XSS vulnerabilities

This commit is contained in:
Jared Tabor 2016-06-30 12:11:41 -07:00
parent a0dd159f3b
commit f20fd7d459
18 changed files with 70 additions and 48 deletions


@ -14,7 +14,7 @@
export function CredentialsList($scope, $rootScope, $location, $log,
$stateParams, Rest, Alert, CredentialList, GenerateList, Prompt, SearchInit,
PaginateInit, ReturnToCaller, ClearScope, ProcessErrors, GetBasePath,
SelectionInit, GetChoices, Wait, $state) {
SelectionInit, GetChoices, Wait, $state, $filter) {
ClearScope();
Wait('start');
@ -116,7 +116,7 @@ export function CredentialsList($scope, $rootScope, $location, $log,
Prompt({
hdr: 'Delete',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the credential below?</div><div class="Prompt-bodyTarget">' + name + '</div>',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the credential below?</div><div class="Prompt-bodyTarget">' + $filter('sanitize')(name) + '</div>',
action: action,
actionText: 'DELETE'
});
@ -129,7 +129,7 @@ CredentialsList.$inject = ['$scope', '$rootScope', '$location', '$log',
'$stateParams', 'Rest', 'Alert', 'CredentialList', 'generateList', 'Prompt',
'SearchInit', 'PaginateInit', 'ReturnToCaller', 'ClearScope',
'ProcessErrors', 'GetBasePath', 'SelectionInit', 'GetChoices', 'Wait',
'$state',
'$state', '$filter'
];
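Review bot: Style point on the new `$filter` injection here and in the TeamsList, UsersList, InventoriesEdit, host, inventory-script, organization and permission controllers: the filter is re-resolved by name inside each delete handler via `$filter('sanitize')(name)`. AngularJS registers every filter as an injectable named `<name>Filter`, so injecting `sanitizeFilter` in place of `$filter` (in both the parameter list and the `$inject` array, keeping the positions aligned as they are now) makes the dependency explicit and avoids the runtime string lookup. The `$inject` order matches the parameter order in every section I can see; the ProjectsList section below shows only the Prompt body change, so its parameter and `$inject` entries are outside this view and worth confirming. CredentialsList continues outside these hunks.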


@ -260,7 +260,7 @@ export function ProjectsList ($scope, $rootScope, $location, $log, $stateParams,
Prompt({
hdr: 'Delete',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the project below?</div><div class="Prompt-bodyTarget">' + name + '</div>',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the project below?</div><div class="Prompt-bodyTarget">' + $filter('sanitize')(name) + '</div>',
action: action,
actionText: 'DELETE'
});


@ -14,7 +14,7 @@
export function TeamsList($scope, $rootScope, $location, $log, $stateParams,
Rest, Alert, TeamList, GenerateList, Prompt, SearchInit, PaginateInit,
ReturnToCaller, ClearScope, ProcessErrors, SetTeamListeners, GetBasePath,
SelectionInit, Wait, $state, Refresh) {
SelectionInit, Wait, $state, Refresh, $filter) {
ClearScope();
@ -115,7 +115,7 @@ export function TeamsList($scope, $rootScope, $location, $log, $stateParams,
Prompt({
hdr: 'Delete',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the team below?</div><div class="Prompt-bodyTarget">' + name + '</div>',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the team below?</div><div class="Prompt-bodyTarget">' + $filter('sanitize')(name) + '</div>',
action: action,
actionText: 'DELETE'
});
@ -126,7 +126,7 @@ TeamsList.$inject = ['$scope', '$rootScope', '$location', '$log',
'$stateParams', 'Rest', 'Alert', 'TeamList', 'generateList', 'Prompt',
'SearchInit', 'PaginateInit', 'ReturnToCaller', 'ClearScope',
'ProcessErrors', 'SetTeamListeners', 'GetBasePath', 'SelectionInit', 'Wait',
'$state', 'Refresh'
'$state', 'Refresh', '$filter'
];


@ -34,7 +34,7 @@ function user_type_sync($scope) {
export function UsersList($scope, $rootScope, $location, $log, $stateParams,
Rest, Alert, UserList, GenerateList, Prompt, SearchInit, PaginateInit,
ReturnToCaller, ClearScope, ProcessErrors, GetBasePath, SelectionInit,
Wait, $state, Refresh) {
Wait, $state, Refresh, $filter) {
ClearScope();
@ -125,7 +125,7 @@ export function UsersList($scope, $rootScope, $location, $log, $stateParams,
Prompt({
hdr: 'Delete',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the user below?</div><div class="Prompt-bodyTarget">' + name + '</div>',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the user below?</div><div class="Prompt-bodyTarget">' + $filter('sanitize')(name) + '</div>',
action: action,
actionText: 'DELETE'
});
@ -136,7 +136,7 @@ UsersList.$inject = ['$scope', '$rootScope', '$location', '$log',
'$stateParams', 'Rest', 'Alert', 'UserList', 'generateList', 'Prompt',
'SearchInit', 'PaginateInit', 'ReturnToCaller', 'ClearScope',
'ProcessErrors', 'GetBasePath', 'SelectionInit', 'Wait', '$state',
'Refresh'
'Refresh', '$filter'
];


@ -215,8 +215,11 @@ export default
* Called from JobsList controller to load each section or list on the page
*
*/
.factory('LoadJobsScope', ['$stateParams', '$location', '$compile', 'SearchInit', 'PaginateInit', 'generateList', 'JobsControllerInit', 'JobsListUpdate',
function($stateParams, $location, $compile, SearchInit, PaginateInit, GenerateList, JobsControllerInit, JobsListUpdate) {
.factory('LoadJobsScope', ['$stateParams', '$location', '$compile',
'SearchInit', 'PaginateInit', 'generateList', 'JobsControllerInit',
'JobsListUpdate',
function($stateParams, $location, $compile, SearchInit, PaginateInit,
GenerateList, JobsControllerInit, JobsListUpdate) {
return function(params) {
var parent_scope = params.parent_scope,
scope = params.scope,
@ -277,8 +280,10 @@ export default
};
}])
.factory('DeleteJob', ['Find', 'GetBasePath', 'Rest', 'Wait', 'ProcessErrors', 'Prompt', 'Alert',
function(Find, GetBasePath, Rest, Wait, ProcessErrors, Prompt, Alert){
.factory('DeleteJob', ['Find', 'GetBasePath', 'Rest', 'Wait',
'ProcessErrors', 'Prompt', 'Alert', '$filter',
function(Find, GetBasePath, Rest, Wait, ProcessErrors, Prompt, Alert,
$filter){
return function(params) {
var scope = params.scope,
id = params.id,
@ -376,7 +381,7 @@ export default
}
scope.removeCancelJob = scope.$on('CancelJob', function() {
var cancelBody = "<div class=\"Prompt-bodyQuery\">Submit the request to cancel?</div>";
var deleteBody = "<div class=\"Prompt-bodyQuery\">Are you sure you want to delete the job below?</div><div class=\"Prompt-bodyTarget\">#" + id + " " + job.name + "</div>";
var deleteBody = "<div class=\"Prompt-bodyQuery\">Are you sure you want to delete the job below?</div><div class=\"Prompt-bodyTarget\">#" + id + " " + $filter('sanitize')(job.name) + "</div>";
Prompt({
hdr: hdr,
body: (action_label === 'cancel' || job.status === 'new') ? cancelBody : deleteBody,
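Review bot: In the rewritten `deleteBody` on the new side of the last hunk, `job.name` now goes through `$filter('sanitize')` but `id` is still concatenated raw into the same HTML string; `id` is taken from `params.id` in the second hunk, and if it is always a numeric job id that is harmless, but if it can arrive as a string from a route or query parameter it should get the same treatment, e.g. `"#" + $filter('sanitize')(id) + " " + $filter('sanitize')(job.name)`. The `hdr` passed to Prompt is built outside this hunk, so I cannot tell whether it carries any name text. The first two hunks only reflow the injection arrays and parameter lists. The DeleteJob factory body continues outside the hunks.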


@ -429,8 +429,10 @@ export default
* })
*
*/
.factory('DeleteSchedule', ['GetBasePath','Rest', 'Wait', 'ProcessErrors', 'Prompt', 'Find', '$location',
function(GetBasePath, Rest, Wait, ProcessErrors, Prompt, Find, $location) {
.factory('DeleteSchedule', ['GetBasePath','Rest', 'Wait',
'ProcessErrors', 'Prompt', 'Find', '$location', '$filter',
function(GetBasePath, Rest, Wait, ProcessErrors, Prompt, Find,
$location, $filter) {
return function(params) {
var scope = params.scope,
@ -474,7 +476,7 @@ export default
Prompt({
hdr: hdr,
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the schedule below?</div><div class="Prompt-bodyTarget">' + schedule.name + '</div>',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the schedule below?</div><div class="Prompt-bodyTarget">' + $filter('sanitize')(schedule.name) + '</div>',
action: action,
actionText: 'DELETE',
backdrop: false


@ -15,7 +15,8 @@ function InventoriesEdit($scope, $rootScope, $compile, $location,
ReturnToCaller, ClearScope, generateList, OrganizationList, SearchInit,
PaginateInit, LookUpInit, GetBasePath, ParseTypeChange, Wait, ToJSON,
ParseVariableString, RelatedSearchInit, RelatedPaginateInit,
Prompt, InitiatePlaybookRun, CreateDialog, deleteJobTemplate, $state) {
Prompt, InitiatePlaybookRun, CreateDialog, deleteJobTemplate, $state,
$filter) {
ClearScope();
@ -312,7 +313,7 @@ function InventoriesEdit($scope, $rootScope, $compile, $location,
Prompt({
hdr: 'Delete',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the job template below?</div><div class="Prompt-bodyTarget">' + this.scan_job_template.name + '</div>',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the job template below?</div><div class="Prompt-bodyTarget">' + $filter('sanitize')(this.scan_job_template.name) + '</div>',
action: action,
actionText: 'DELETE'
});
@ -328,5 +329,5 @@ export default ['$scope', '$rootScope', '$compile', '$location',
'GetBasePath', 'ParseTypeChange', 'Wait', 'ToJSON', 'ParseVariableString',
'RelatedSearchInit', 'RelatedPaginateInit', 'Prompt',
'InitiatePlaybookRun', 'CreateDialog', 'deleteJobTemplate', '$state',
InventoriesEdit,
'$filter', InventoriesEdit,
];


@ -5,9 +5,9 @@
*************************************************/
export default
['$scope', '$rootScope', '$state', '$stateParams', 'InventoryHosts', 'generateList', 'InventoryManageService', 'HostManageService',
'hostsUrl', 'SearchInit', 'PaginateInit', 'SetStatus', 'Prompt', 'Wait', 'inventoryData',
'hostsUrl', 'SearchInit', 'PaginateInit', 'SetStatus', 'Prompt', 'Wait', 'inventoryData', '$filter',
function($scope, $rootScope, $state, $stateParams, InventoryHosts, generateList, InventoryManageService, HostManageService,
hostsUrl, SearchInit, PaginateInit, SetStatus, Prompt, Wait, inventoryData){
hostsUrl, SearchInit, PaginateInit, SetStatus, Prompt, Wait, inventoryData, $filter){
var list = InventoryHosts,
view = generateList,
pageSize = 20;
@ -27,7 +27,7 @@
$state.go('inventoryManage.editHost', {host_id: id});
};
$scope.deleteHost = function(id, name){
var body = '<div class=\"Prompt-bodyQuery\">Are you sure you want to permanently delete the host below from the inventory?</div><div class=\"Prompt-bodyTarget\">' + name + '</div>';
var body = '<div class=\"Prompt-bodyQuery\">Are you sure you want to permanently delete the host below from the inventory?</div><div class=\"Prompt-bodyTarget\">' + $filter('sanitize')(name) + '</div>';
var action = function(){
delete $rootScope.promptActionBtnClass;
Wait('start');


@ -6,12 +6,12 @@
export default
[ '$rootScope','Wait', 'generateList', 'inventoryScriptsListObject',
'GetBasePath' , 'SearchInit' , 'PaginateInit',
'Rest' , 'ProcessErrors', 'Prompt', '$state',
'GetBasePath' , 'SearchInit' , 'PaginateInit', 'Rest' , 'ProcessErrors',
'Prompt', '$state', '$filter',
function(
$rootScope,Wait, GenerateList, inventoryScriptsListObject,
GetBasePath, SearchInit, PaginateInit,
Rest, ProcessErrors, Prompt, $state
Rest, ProcessErrors, Prompt, $state, $filter
) {
var scope = $rootScope.$new(),
defaultUrl = GetBasePath('inventory_scripts'),
@ -70,7 +70,7 @@ export default
});
};
var bodyHtml = '<div class="Prompt-bodyQuery">Are you sure you want to delete the inventory script below?</div><div class="Prompt-bodyTarget">' + name + '</div>';
var bodyHtml = '<div class="Prompt-bodyQuery">Are you sure you want to delete the inventory script below?</div><div class="Prompt-bodyTarget">' + $filter('sanitize')(name) + '</div>';
Prompt({
hdr: 'Delete',
body: bodyHtml,


@ -67,7 +67,7 @@ export default
};
Prompt({
hdr: 'Remove Label from ' + templateName,
hdr: 'Remove Label from <span class="Prompt-titleTarget">' + templateName + "</span>",
body: '<div class="Prompt-bodyQuery">Confirm the removal of the <span class="Prompt-emphasis">' + $filter('sanitize')(labelName) + '</span> label.</div>',
action: action,
actionText: 'REMOVE'


@ -224,7 +224,7 @@ export default
msg: 'Call to ' + url + ' failed. DELETE returned status: ' + status });
});
};
var bodyHtml = '<div class="Prompt-bodyQuery">Are you sure you want to delete the notification template below?</div><div class="Prompt-bodyTarget">' + name + '</div>';
var bodyHtml = '<div class="Prompt-bodyQuery">Are you sure you want to delete the notification template below?</div><div class="Prompt-bodyTarget">' + $filter('sanitize')(name) + '</div>';
Prompt({
hdr: 'Delete',
body: bodyHtml,


@ -4,10 +4,12 @@
* All Rights Reserved
*************************************************/
export default ['$stateParams', '$scope', 'UserList', 'Rest', '$state', 'generateList', '$compile',
'SearchInit', 'PaginateInit', 'Wait', 'Prompt', 'ProcessErrors', 'GetBasePath',
function($stateParams, $scope, UserList, Rest, $state, GenerateList, $compile,
SearchInit, PaginateInit, Wait, Prompt, ProcessErrors, GetBasePath) {
export default ['$stateParams', '$scope', 'UserList', 'Rest', '$state',
'generateList', '$compile', 'SearchInit', 'PaginateInit', 'Wait',
'Prompt', 'ProcessErrors', 'GetBasePath', '$filter',
function($stateParams, $scope, UserList, Rest, $state, GenerateList,
$compile, SearchInit, PaginateInit, Wait, Prompt, ProcessErrors,
GetBasePath, $filter) {
var list,
url,
@ -88,7 +90,7 @@ export default ['$stateParams', '$scope', 'UserList', 'Rest', '$state', 'generat
Prompt({
hdr: 'Delete',
body: '<div class="Prompt-bodyQuery">Are you sure you want to remove the following administrator from this organization?</div><div class="Prompt-bodyTarget">' + name + '</div>',
body: '<div class="Prompt-bodyQuery">Are you sure you want to remove the following administrator from this organization?</div><div class="Prompt-bodyTarget">' + $filter('sanitize')(name) + '</div>',
action: action,
actionText: 'DELETE'
});


@ -4,10 +4,12 @@
* All Rights Reserved
*************************************************/
export default ['$stateParams', '$scope', 'UserList', 'Rest', '$state', 'generateList', '$compile',
'SearchInit', 'PaginateInit', 'Wait', 'Prompt', 'ProcessErrors', 'GetBasePath',
function($stateParams, $scope, UserList, Rest, $state, GenerateList, $compile,
SearchInit, PaginateInit, Wait, Prompt, ProcessErrors, GetBasePath) {
export default ['$stateParams', '$scope', 'UserList', 'Rest', '$state',
'generateList', '$compile', 'SearchInit', 'PaginateInit', 'Wait',
'Prompt', 'ProcessErrors', 'GetBasePath', '$filter',
function($stateParams, $scope, UserList, Rest, $state, GenerateList,
$compile,SearchInit, PaginateInit, Wait, Prompt, ProcessErrors,
GetBasePath, $filter) {
var list,
url,
@ -87,7 +89,7 @@
Prompt({
hdr: 'Delete',
body: '<div class="Prompt-bodyQuery">Are you sure you want to remove the following user from this organization?</div><div class="Prompt-bodyTarget">' + name + '</div>',
body: '<div class="Prompt-bodyQuery">Are you sure you want to remove the following user from this organization?</div><div class="Prompt-bodyTarget">' + $filter('sanitize')(name) + '</div>',
action: action,
actionText: 'DELETE'
});
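Review bot: Style point in the reflowed parameter list: `$compile,SearchInit` lacks the space after the comma that every other entry uses; `$compile, SearchInit, PaginateInit, Wait, Prompt, ProcessErrors,`. This file is otherwise near line-for-line identical to the organization admins list above (same injections, same Prompt construction differing only in the body text), so the delete prompt could be built by one shared helper, though that is beyond this commit's scope. The enclosing controller function continues outside the hunks.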


@ -8,12 +8,12 @@ export default ['$stateParams', '$scope', '$rootScope', '$location',
'$log', '$compile', 'Rest', 'PaginateInit',
'SearchInit', 'OrganizationList', 'Alert', 'Prompt', 'ClearScope',
'ProcessErrors', 'GetBasePath', 'Wait',
'$state', 'generateList', 'Refresh',
'$state', 'generateList', 'Refresh', '$filter',
function($stateParams, $scope, $rootScope, $location,
$log, $compile, Rest, PaginateInit,
SearchInit, OrganizationList, Alert, Prompt, ClearScope,
ProcessErrors, GetBasePath, Wait,
$state, generateList, Refresh) {
$state, generateList, Refresh, $filter) {
ClearScope();
@ -144,7 +144,7 @@ export default ['$stateParams', '$scope', '$rootScope', '$location',
Prompt({
hdr: 'Delete',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the organization below?</div><div class="Prompt-bodyTarget">' + name + '</div>',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the organization below?</div><div class="Prompt-bodyTarget">' + $filter('sanitize')(name) + '</div>',
action: action,
actionText: 'DELETE'
});


@ -12,8 +12,15 @@
export default
['$scope', '$rootScope', '$location', '$log', '$stateParams', 'Rest', 'Alert', 'permissionsList', 'generateList', 'Prompt', 'SearchInit', 'PaginateInit', 'ReturnToCaller', 'ClearScope', 'ProcessErrors', 'GetBasePath', 'CheckAccess', 'Wait', 'fieldChoices', 'fieldLabels', 'permissionsSearchSelect',
function ($scope, $rootScope, $location, $log, $stateParams, Rest, Alert, permissionsList, GenerateList, Prompt, SearchInit, PaginateInit, ReturnToCaller, ClearScope, ProcessErrors, GetBasePath, CheckAccess, Wait, fieldChoices, fieldLabels, permissionsSearchSelect) {
['$scope', '$rootScope', '$location', '$log', '$stateParams', 'Rest',
'Alert', 'permissionsList', 'generateList', 'Prompt', 'SearchInit',
'PaginateInit', 'ReturnToCaller', 'ClearScope', 'ProcessErrors',
'GetBasePath', 'CheckAccess', 'Wait', 'fieldChoices', 'fieldLabels',
'permissionsSearchSelect', '$filter',
function ($scope, $rootScope, $location, $log, $stateParams, Rest,
Alert, permissionsList, GenerateList, Prompt, SearchInit, PaginateInit,
ReturnToCaller, ClearScope, ProcessErrors, GetBasePath, CheckAccess,
Wait, fieldChoices, fieldLabels, permissionsSearchSelect, $filter) {
ClearScope();
@ -127,7 +134,7 @@ export default
if ($scope.PermissionAddAllowed) {
Prompt({
hdr: 'Delete',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the permission below?</div><div class="Prompt-bodyTarget">' + name + '</div>',
body: '<div class="Prompt-bodyQuery">Are you sure you want to delete the permission below?</div><div class="Prompt-bodyTarget">' + $filter('sanitize')(name) + '</div>',
action: action,
actionText: 'DELETE'
});


@ -548,7 +548,6 @@ export default ['$location', '$compile', '$rootScope', 'SearchWidget', 'Paginate
innerTable += (field_action === 'delete') ? "List-actionButton--delete" : "";
innerTable += (field_action === 'cancel') ? "cancel red-txt" : "";
innerTable += "\" ";
// debugger;
// rowBeingEdited === '{{ " + list.iterator + ".id }}' && listBeingEdited === '" + list.name + "' ? 'List-tableRow--selected' : ''";
innerTable += (field_action === 'edit') ? "ng-class=\"[rowBeingEdited === '{{ " + list.iterator + ".id }}' && listBeingEdited === '" + list.name + "' ? 'List-editButton--selected' : '']\"" : "";
innerTable += (fAction.awPopOver) ? "aw-pop-over=\"" + fAction.awPopOver + "\" " : "";


@ -1,5 +1,9 @@
@import "awx/ui/client/src/shared/branding/colors.default.less";
.Prompt-titleTarget {
word-break: break-word;
}
.Prompt-bodyQuery {
margin-bottom: 20px;
color: @default-interface-txt;


@ -6,7 +6,7 @@
angular.module('sanitizeFilter', []).filter('sanitize', function() {
return function(input) {
input = input.replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/'/g, "&apos;").replace(/"/g, "&quot;");
input = $("<span>").text(input)[0].innerHTML;
return input;
};
});
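Review bot: The new implementation changes the escaping contract without documenting it: text set via jQuery `.text()` and read back as `innerHTML` encodes `&`, `<` and `>` but not `'` or `"`, whereas the replaced regex version escaped both quote characters (and not `&`), so the output is only safe when placed in element content, as the Prompt bodies in this commit do, and not in an attribute value or other context. I would add a header comment stating that the filter escapes for HTML text-node context only, that quotes are passed through, and that callers must not use it for attribute or URL values. The filter also relies on the global `$` rather than anything injected or imported, which is presumably how the rest of this codebase reaches jQuery; worth confirming. The old `input.replace` chain threw on non-string input, while the jQuery setter presumably coerces, so behaviour for null and numeric inputs changed too and deserves a unit test.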