Commit 9d816ff7 by Samuel Padgett

Sanitize HTML output for log viewer

Fixes CVE-2017-7534
parent 3d277993
......@@ -2604,7 +2604,7 @@ angular.module('openshiftCommonUI').factory('GuidedTourService', function() {
'use strict';
angular.module("openshiftCommonUI")
.factory("HTMLService", function(BREAKPOINTS) {
.factory("HTMLService", function($sanitize, BREAKPOINTS) {
var WINDOW_SIZE_XXS = 'xxs';
var WINDOW_SIZE_XS = 'xs';
var WINDOW_SIZE_SM = 'sm';
......@@ -2694,13 +2694,13 @@ angular.module("openshiftCommonUI")
}
// Replace any URLs with links.
return text.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(str) {
return $sanitize(text.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(str) {
if (target) {
return "<a href=\"" + str + "\" target=\"" + target + "\">" + str + " <i class=\"fa fa-external-link\" aria-hidden=\"true\"></i></a>";
}
return "<a href=\"" + str + "\">" + str + "</a>";
});
}));
}
};
});
......
......@@ -5850,7 +5850,7 @@ angular.module('openshiftCommonUI').factory('GuidedTourService', function() {
'use strict';
angular.module("openshiftCommonUI")
.factory("HTMLService", ["BREAKPOINTS", function(BREAKPOINTS) {
.factory("HTMLService", ["$sanitize", "BREAKPOINTS", function($sanitize, BREAKPOINTS) {
var WINDOW_SIZE_XXS = 'xxs';
var WINDOW_SIZE_XS = 'xs';
var WINDOW_SIZE_SM = 'sm';
......@@ -5940,13 +5940,13 @@ angular.module("openshiftCommonUI")
}
// Replace any URLs with links.
return text.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(str) {
return $sanitize(text.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(str) {
if (target) {
return "<a href=\"" + str + "\" target=\"" + target + "\">" + str + " <i class=\"fa fa-external-link\" aria-hidden=\"true\"></i></a>";
}
return "<a href=\"" + str + "\">" + str + "</a>";
});
}));
}
};
}]);
......
......@@ -2524,7 +2524,7 @@ closeTooltip: "x"
},
cancelTour: u
};
}), angular.module("openshiftCommonUI").factory("HTMLService", [ "BREAKPOINTS", function(e) {
}), angular.module("openshiftCommonUI").factory("HTMLService", [ "$sanitize", "BREAKPOINTS", function(e, t) {
return {
WINDOW_SIZE_XXS: "xxs",
WINDOW_SIZE_XS: "xs",
......@@ -2532,51 +2532,51 @@ WINDOW_SIZE_SM: "sm",
WINDOW_SIZE_MD: "md",
WINDOW_SIZE_LG: "lg",
getBreakpoint: function() {
return window.innerWidth < e.screenXsMin ? "xxs" : window.innerWidth < e.screenSmMin ? "xs" : window.innerWidth < e.screenMdMin ? "sm" : window.innerWidth < e.screenLgMin ? "md" : "lg";
return window.innerWidth < t.screenXsMin ? "xxs" : window.innerWidth < t.screenSmMin ? "xs" : window.innerWidth < t.screenMdMin ? "sm" : window.innerWidth < t.screenLgMin ? "md" : "lg";
},
isWindowBelowBreakpoint: function(t) {
switch (t) {
isWindowBelowBreakpoint: function(e) {
switch (e) {
case "xxs":
return !1;
case "xs":
return window.innerWidth < e.screenXsMin;
return window.innerWidth < t.screenXsMin;
case "sm":
return window.innerWidth < e.screenSmMin;
return window.innerWidth < t.screenSmMin;
case "md":
return window.innerWidth < e.screenMdMin;
return window.innerWidth < t.screenMdMin;
case "lg":
return window.innerWidth < e.screenLgMin;
return window.innerWidth < t.screenLgMin;
default:
return !0;
}
},
isWindowAboveBreakpoint: function(t) {
switch (t) {
isWindowAboveBreakpoint: function(e) {
switch (e) {
case "xs":
return window.innerWidth >= e.screenXsMin;
return window.innerWidth >= t.screenXsMin;
case "sm":
return window.innerWidth >= e.screenSmMin;
return window.innerWidth >= t.screenSmMin;
case "md":
return window.innerWidth >= e.screenMdMin;
return window.innerWidth >= t.screenMdMin;
case "lg":
return window.innerWidth >= e.screenLgMin;
return window.innerWidth >= t.screenLgMin;
default:
return !0;
}
},
linkify: function(e, t, n) {
return e ? (n || (e = _.escape(e)), e.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(e) {
return t ? '<a href="' + e + '" target="' + t + '">' + e + ' <i class="fa fa-external-link" aria-hidden="true"></i></a>' : '<a href="' + e + '">' + e + "</a>";
})) : e;
linkify: function(t, n, r) {
return t ? (r || (t = _.escape(t)), e(t.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(e) {
return n ? '<a href="' + e + '" target="' + n + '">' + e + ' <i class="fa fa-external-link" aria-hidden="true"></i></a>' : '<a href="' + e + '">' + e + "</a>";
}))) : t;
}
};
} ]), angular.module("openshiftCommonUI").provider("NotificationsService", function() {
......
'use strict';
angular.module("openshiftCommonUI")
.factory("HTMLService", function(BREAKPOINTS) {
.factory("HTMLService", function($sanitize, BREAKPOINTS) {
var WINDOW_SIZE_XXS = 'xxs';
var WINDOW_SIZE_XS = 'xs';
var WINDOW_SIZE_SM = 'sm';
......@@ -91,13 +91,13 @@ angular.module("openshiftCommonUI")
}
// Replace any URLs with links.
return text.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(str) {
return $sanitize(text.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(str) {
if (target) {
return "<a href=\"" + str + "\" target=\"" + target + "\">" + str + " <i class=\"fa fa-external-link\" aria-hidden=\"true\"></i></a>";
}
return "<a href=\"" + str + "\">" + str + "</a>";
});
}));
}
};
});
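Review bot: In the `target` branch of the replace callback, the generated anchor sets `target` but no `rel`, so when callers pass `_blank` a link taken from log text can leave `window.opener` reachable from the opened page; adding `rel=\"noopener noreferrer\"` after the `target` attribute in that string would close this. Because the whole result now passes through `$sanitize`, the service's own markup is filtered too, so confirm that `target`, the proposed `rel` and the icon's `aria-hidden` survive the ngSanitize allowlist, ideally with a unit test that feeds linkify a string containing both markup and a URL. The page does not show the module declaration, so also check that `openshiftCommonUI` already depends on `ngSanitize`, otherwise injecting `$sanitize` will fail when the service is instantiated. linkify begins above this hunk, and the same change is repeated in what appear to be the bundled and minified copies earlier on the page.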