From mad...@apache.org
Subject [2/2] incubator-atlas git commit: ATLAS-1402: fix UI input validation
Date Tue, 27 Dec 2016 22:46:47 GMT
ATLAS-1402: fix UI input validation


Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/6681b948
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/6681b948
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/6681b948

Branch: refs/heads/0.7-incubating
Commit: 6681b94862f300a4e320e7cedf607e54dc6d3ad5
Parents: 3a95c0f
Author: kevalbhatt <kbhatt@apache.org>
Authored: Tue Dec 27 14:11:15 2016 -0800
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Tue Dec 27 14:41:39 2016 -0800

----------------------------------------------------------------------
 dashboardv2/public/index.html                   |  1 +
 dashboardv2/public/js/models/VTag.js            |  1 +
 .../public/js/utils/CommonViewFunction.js       | 10 ++--
 dashboardv2/public/js/utils/Utils.js            | 14 ++---
 .../views/audit/CreateAuditTableLayoutView.js   |  4 +-
 .../BusinessCatalogDetailLayoutView.js          | 54 +-------------------
 .../business_catalog/BusinessCatalogHeader.js   |  2 +-
 .../js/views/business_catalog/TreeLayoutView.js | 10 ++--
 .../views/detail_page/DetailPageLayoutView.js   |  8 +--
 .../public/js/views/schema/SchemaLayoutView.js  |  4 +-
 .../js/views/search/SearchResultLayoutView.js   |  6 +--
 .../public/js/views/tag/CreateTagLayoutView.js  |  3 +-
 .../views/tag/TagAttributeDetailLayoutView.js   | 33 +++++++-----
 .../js/views/tag/TagDetailTableLayoutView.js    |  6 +--
 .../public/js/views/tag/addTagModalView.js      |  2 +-
 release-log.txt                                 |  1 +
 webapp/src/main/webapp/login.jsp                |  1 +
 17 files changed, 60 insertions(+), 100 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/index.html
----------------------------------------------------------------------
diff --git a/dashboardv2/public/index.html b/dashboardv2/public/index.html
index 04edcee..534d574 100644
--- a/dashboardv2/public/index.html
+++ b/dashboardv2/public/index.html
@@ -30,6 +30,7 @@
     <meta charset="utf-8">
     <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8; Cache-Control:
no-cache" />
+    <meta http-equiv="X-Frame-Options" content="deny">
     <title>Atlas</title>
     <meta name="description" content="">
     <meta name="viewport" content="width=device-width">
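Review bot: `X-Frame-Options` is only honoured when it arrives as an HTTP response header; browsers ignore it in a `<meta http-equiv>` element, so the added line provides no clickjacking protection. Deliver it from the server side instead (e.g. a servlet filter in the webapp adding `X-Frame-Options: DENY`), optionally together with `Content-Security-Policy: frame-ancestors 'none'`. The `login.jsp` change listed in the diffstat is outside this chunk and, if it follows the same pattern, has the same issue.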

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/models/VTag.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/models/VTag.js b/dashboardv2/public/js/models/VTag.js
index 12c36f8..043b3ed 100644
--- a/dashboardv2/public/js/models/VTag.js
+++ b/dashboardv2/public/js/models/VTag.js
@@ -32,6 +32,7 @@ define(['require',
 
         initialize: function() {
             this.modelName = 'VTag';
+            this.set('tags', _.escape(this.get('tags')));
             this.bindErrorEvents();
         },
         toString: function() {
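Review bot: Escaping in `initialize` stores an HTML-escaped value in the model instead of escaping at render time, so every consumer now receives pre-escaped data and `_.escape(undefined)` returns `''`, meaning a model without a `tags` attribute silently gets an empty one. Any view that escapes again produces `&amp;amp;`, and the `_.unescape` calls added in CommonViewFunction.js (`url: _.unescape(tagName.fullName)...`) and BusinessCatalogDetailLayoutView.js (`'tag': _.unescape(that.termName.name)`), plus the escaping inside `Utils.checkTagOrTerm` (Utils.js hunks @@ -243 and @@ -261), are symptoms of the same layering problem. Keep the model raw and apply `_.escape` (or jQuery `.text()`) at the point where the string is written into HTML. The rest of the model definition lies outside the hunk.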

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/utils/CommonViewFunction.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/utils/CommonViewFunction.js b/dashboardv2/public/js/utils/CommonViewFunction.js
index 67dd5e2..edb6058 100644
--- a/dashboardv2/public/js/utils/CommonViewFunction.js
+++ b/dashboardv2/public/js/utils/CommonViewFunction.js
@@ -336,13 +336,13 @@ define(['require', 'utils/Utils', 'modules/Modal', 'utils/Messages',
'utils/Glob
                 if (i == 0) {
                     href = splitUrlWithoutTerm[i];
                     urlList.push({
-                        value: splitUrlWithoutTerm[i],
+                        value: _.escape(splitUrlWithoutTerm[i]),
                         href: href
                     });
                 } else {
                     href += "/terms/" + splitUrlWithoutTerm[i];
                     urlList.push({
-                        value: splitUrlWithoutTerm[i],
+                        value: _.escape(splitUrlWithoutTerm[i]),
                         href: href
                     });
                 };
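Review bot: Only `value` is escaped; `href` is built from the same raw segment (`href += "/terms/" + splitUrlWithoutTerm[i]`) and pushed alongside it, so if `urlList` is later rendered into an `href` attribute by string concatenation the segment still needs escaping there (or `encodeURIComponent` for the path segment). The consumer of `urlList` is not visible in this hunk, so where `href` ends up should be confirmed. The enclosing function starts before the hunk.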
@@ -398,8 +398,8 @@ define(['require', 'utils/Utils', 'modules/Modal', 'utils/Messages', 'utils/Glob
             }
             if (tagName.term) {
                 terms.push({
-                    deleteHtml: '<a class="pull-left" title="Remove Term"><i class="fa
fa-trash" data-id="tagClick" data-type="term" data-assetname="' + model.get("name") + '" data-name="'
+ tagName.fullName + '" data-guid="' + model.get('$id$').id + '" ></i></a>',
-                    url: tagName.fullName.split(".").join("/"),
+                    deleteHtml: '<a class="pull-left" title="Remove Term"><i class="fa
fa-trash" data-id="tagClick" data-type="term" data-assetname="' + _.escape(model.get("name"))
+ '" data-name="' + tagName.fullName + '" data-guid="' + model.get('$id$').id + '" ></i></a>',
+                    url: _.unescape(tagName.fullName).split(".").join("/"),
                     name: tagName.fullName
                 });
             }
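Review bot: `tagName.fullName` is written into the `data-name` attribute unescaped while `model.get("name")` beside it is escaped; the `_.unescape(tagName.fullName)` on the `url` line implies `fullName` already arrives escaped, in which case `_.escape(obj.name)` in the next hunk (`dataterm-name="' + _.escape(obj.name)`) double-escapes it to `&amp;...`. The hunk mixes both conventions; the safer form is to keep `fullName` raw, write `data-name="' + _.escape(tagName.fullName) + '"` here, keep `_.escape(obj.name)` in the following hunk, and drop the `_.unescape`. `model.get('$id$').id` is also concatenated raw into an attribute and should get the same treatment even if ids are expected to be safe. The enclosing function continues outside the hunk.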
@@ -410,7 +410,7 @@ define(['require', 'utils/Utils', 'modules/Modal', 'utils/Messages', 'utils/Glob
                 className += "showHideDiv hide";
             }
             obj['valueUrl'] = CommonViewFunction.breadcrumbUrlMaker(obj.url);
-            html += '<div class="' + className + '" dataterm-name="' + obj.name + '"><div
class="liContent"></div>' + obj.deleteHtml + '</div>';
+            html += '<div class="' + className + '" dataterm-name="' + _.escape(obj.name)
+ '"><div class="liContent"></div>' + obj.deleteHtml + '</div>';
         })
         if (terms.length > 1) {
             html += '<div><a  href="javascript:void(0)" data-id="showMoreLessTerm"
class="inputTag inputTagGreen"><span>Show More </span><i class="fa fa-angle-right"></i></a></div>'

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/utils/Utils.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/utils/Utils.js b/dashboardv2/public/js/utils/Utils.js
index 48963ad..d3a1b18 100644
--- a/dashboardv2/public/js/utils/Utils.js
+++ b/dashboardv2/public/js/utils/Utils.js
@@ -49,33 +49,33 @@ define(['require', 'utils/Globals', 'pnotify'], function(require, Globals,
pnoti
     };
 
     var notify = function(options) {
-        new pnotify(_.extend({ icon: true, hide: true, delay: 3000,remove:true }, options));
+        new pnotify(_.extend({ icon: true, hide: true, delay: 3000, remove: true }, options));
     }
     Utils.notifyInfo = function(options) {
         notify({
             type: "info",
-            text: options.content || "Info message."
+            text: _.escape(options.content) || "Info message."
         });
     };
 
     Utils.notifyWarn = function(options) {
         notify({
             type: "notice",
-            text: options.content || "Info message."
+            text: _.escape(options.content) || "Info message."
         });
     };
 
     Utils.notifyError = function(options) {
         notify({
             type: "error",
-            text: options.content || "Error occurred."
+            text: _.escape(options.content) || "Error occurred."
         });
     };
 
     Utils.notifySuccess = function(options) {
         notify({
             type: "success",
-            text: options.content || "Error occurred."
+            text: _.escape(options.content) || "Error occurred."
         });
     };
     Utils.defaultErrorHandler = function(model, error) {
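Review bot: The fallback for `Utils.notifySuccess` still reads `"Error occurred."` and `notifyWarn` falls back to `"Info message."`; since the commit rewrites these lines anyway, a success notification should not default to an error text, e.g. `text: _.escape(options.content) || "Success."`. Escaping `content` is right because callers pass server-supplied strings (`response.responseJSON.error` in TagAttributeDetailLayoutView.js). Note that `_.escape` also turns quotes into entities, so if pnotify renders `text` as plain text rather than HTML the entities will show literally — worth checking against the pnotify options used in `notify`.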
@@ -243,7 +243,7 @@ define(['require', 'utils/Globals', 'pnotify'], function(require, Globals,
pnoti
             if (value == "TaxonomyTerm") {
                 return {}
             }
-            var name = value.split('.');
+            var name = _.escape(value).split('.');
             return {
                 term: true,
                 tag: false,
@@ -261,7 +261,7 @@ define(['require', 'utils/Globals', 'pnotify'], function(require, Globals,
pnoti
             if (name === "TaxonomyTerm") {
                 return {}
             }
-            name = name.split('.');
+            name = _.escape(name).split('.');
             var trem = false;
             if (value['taxonomy.namespace']) {
                 trem = true;

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/audit/CreateAuditTableLayoutView.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/views/audit/CreateAuditTableLayoutView.js b/dashboardv2/public/js/views/audit/CreateAuditTableLayoutView.js
index 58d5de8..252f96a 100644
--- a/dashboardv2/public/js/views/audit/CreateAuditTableLayoutView.js
+++ b/dashboardv2/public/js/views/audit/CreateAuditTableLayoutView.js
@@ -70,7 +70,7 @@ define(['require',
                     var valueObject = detailsObject.values;
                     if (this.action == Globals.auditAction.TAG_ADD) {
                         this.ui.auditHeaderValue.html('<th>Tag</th>');
-                        this.ui.auditValue.html("<tr><td>" + detailsObject.typeName
+ "</td></tr>");
+                        this.ui.auditValue.html("<tr><td>" + _.escape(detailsObject.typeName)
+ "</td></tr>");
                     } else {
                         this.ui.auditHeaderValue.html('<th>Key</th><th>New
Value</th>');
                         table = CommonViewFunction.propertyTable(valueObject, this);
@@ -86,7 +86,7 @@ define(['require',
                 } else if (this.action == Globals.auditAction.TAG_DELETE) {
                     var appendedString = this.entityModel.get('details').split(':');
                     this.ui.auditHeaderValue.html('<th>Tag</th>');
-                    this.ui.auditValue.html("<tr><td>" + appendedString[1] +
"</td></tr>");
+                    this.ui.auditValue.html("<tr><td>" + _.escape(appendedString[1])
+ "</td></tr>");
                 }
 
             },
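Review bot: `appendedString[1]` is only the text between the first and second `:` of `details`, so a tag name that itself contains a colon is truncated, and when `details` has no colon `_.escape(undefined)` yields an empty cell; `details.slice(details.indexOf(':') + 1)` keeps the whole remainder. This assumes a single `prefix:tagName` layout, which the hunk does not show. The enclosing callback starts before the hunk.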

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/business_catalog/BusinessCatalogDetailLayoutView.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/views/business_catalog/BusinessCatalogDetailLayoutView.js
b/dashboardv2/public/js/views/business_catalog/BusinessCatalogDetailLayoutView.js
index 0518578..f709f4d 100644
--- a/dashboardv2/public/js/views/business_catalog/BusinessCatalogDetailLayoutView.js
+++ b/dashboardv2/public/js/views/business_catalog/BusinessCatalogDetailLayoutView.js
@@ -104,7 +104,7 @@ define(['require',
                     }
                     if (description) {
                         this.ui.description.show();
-                        this.ui.description.html('<span>' + description + '</span>');
+                        this.ui.description.html('<span>' + _.escape(description) +
'</span>');
                     } else {
                         this.ui.description.hide();
                     }
@@ -129,56 +129,6 @@ define(['require',
                 this.ui.editButton.show();
                 this.ui.editBox.hide();
             },
-            addTagCollectionList: function(obj, searchString) {
-                var list = "",
-                    that = this;
-                _.each(obj, function(model) {
-                    var tags = model.get("tags");
-                    if (!_.contains(that.tagElement, tags)) {
-                        if (searchString) {
-                            if (tags.search(new RegExp(searchString, "i")) != -1) {
-                                list += '<div><span>' + tags + '</span></div>';
-                                return;
-                            }
-                        } else {
-                            list += '<div><span>' + tags + '</span></div>';
-                        }
-                    }
-                });
-                if (list.length <= 0) {
-                    list += '<div><span>' + "No more tags" + '</span></div>';
-                }
-                this.ui.appendList.html(list);
-            },
-            addTagToTerms: function(tagObject) {
-                var tagData = "";
-                _.each(tagObject, function(val) {
-                    tagData += '<span class="inputTag"><span class="inputValue">'
+ val + '</span><i class="fa fa-close" data-id="deleteTag"></i></span>';
-                });
-                this.$('.addTag-dropdown').before(tagData);
-            },
-            saveTagFromList: function(ref) {
-                var that = this;
-                this.entityModel = new VEntity();
-                var tagName = ref.text();
-                var json = {
-                    "jsonClass": "org.apache.atlas.typesystem.json.InstanceSerialization$_Struct",
-                    "typeName": tagName,
-                    "values": {}
-                };
-                this.entityModel.saveEntity(this.id, {
-                    data: JSON.stringify(json),
-                    success: function(data) {
-                        that.collection.fetch({ reset: true });
-                    },
-                    error: function(error, data, status) {
-                        if (error && error.responseText) {
-                            var data = JSON.parse(error.responseText);
-                        }
-                    },
-                    complete: function() {}
-                });
-            },
             onEditButton: function(e) {
                 var that = this;
                 $(e.currentTarget).blur();
@@ -186,7 +136,7 @@ define(['require',
                     'views/tag/CreateTagLayoutView',
                     'modules/Modal'
                 ], function(CreateTagLayoutView, Modal) {
-                    var view = new CreateTagLayoutView({ 'termCollection': that.collection,
'descriptionData': that.model.get('description'), 'tag': that.termName.name });
+                    var view = new CreateTagLayoutView({ 'termCollection': that.collection,
'descriptionData': that.model.get('description'), 'tag': _.unescape(that.termName.name) });
                     var modal = new Modal({
                         title: 'Edit Term',
                         content: view,

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/business_catalog/BusinessCatalogHeader.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/views/business_catalog/BusinessCatalogHeader.js b/dashboardv2/public/js/views/business_catalog/BusinessCatalogHeader.js
index 6be1d2d..75ed98c 100644
--- a/dashboardv2/public/js/views/business_catalog/BusinessCatalogHeader.js
+++ b/dashboardv2/public/js/views/business_catalog/BusinessCatalogHeader.js
@@ -41,7 +41,7 @@ define(['require',
             var that = this;
             $(this.el).html(this.template());
             if (Globals.userLogedIn.status) {
-                that.$('.userName').html(Globals.userLogedIn.response.userName);
+                that.$('.userName').text(Globals.userLogedIn.response.userName);
             }
             var that = this;
             if (this.url) {

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/business_catalog/TreeLayoutView.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/views/business_catalog/TreeLayoutView.js b/dashboardv2/public/js/views/business_catalog/TreeLayoutView.js
index 5802c92..e17b9ab 100644
--- a/dashboardv2/public/js/views/business_catalog/TreeLayoutView.js
+++ b/dashboardv2/public/js/views/business_catalog/TreeLayoutView.js
@@ -258,11 +258,11 @@ define(['require',
                 if (isParent) {
                     this.parentCollection.url = this.url;
                     this.parentCollection.fullCollection.reset(undefined, { silent: true
});
-                    this.parentCollection.fetch({ reset: true,cache:true });
+                    this.parentCollection.fetch({ reset: true, cache: true });
                 } else {
                     this.childCollection.url = this.url + "?hierarchy/path:.";
                     this.childCollection.fullCollection.reset(undefined, { silent: true });
-                    this.childCollection.fetch({ reset: true });
+                    this.childCollection.fetch({ reset: true, cache: true });
                 }
             },
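Review bot: Adding `cache: true` to the child-collection fetch is a behaviour change unrelated to input validation and not mentioned in the commit message; the option is passed through to jQuery.ajax and re-enables HTTP caching for that request (presumably the app disables it globally, otherwise the flag is a no-op), so children added or deleted under a node (the delete modal in the @@ -529 hunk) may not appear until the cached response expires. If that is intended, record it, e.g. `// cache: true — children come from the HTTP cache; add/delete must refetch explicitly`. The enclosing method starts before the hunk.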
             showLoader: function() {
@@ -386,7 +386,7 @@ define(['require',
                         }
                         var name = Utils.checkTagOrTerm(model.get('name'), true);
                         if (name.name) {
-                              // data-name="<space>'<tagName>'"  Space is required
for DSL search Input 
+                            // data-name="<space>'<tagName>'"  Space is required
for DSL search Input 
                             if (that.viewBased) {
                                 parentLi = '<div class="tools"><i class="fa fa-refresh
fa-spin-custom taxanomyloader"></i><i class="fa fa-ellipsis-h termPopover"></i></div><i
class="fa fa-angle-right toggleArrow" data-id="expandArrow" data-href="' + hrefUrl + '"></i><a
href="javascript:void(0)" data-href="' + hrefUrl + '" data-name=" `' + model.get('name') +
'`">' + name.name + '</a>';
                             } else {
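Review bot: The only change here is the comment's indentation, but the lines directly below still interpolate `model.get('name')` raw into the `data-name` attribute (`data-name=" `' + model.get('name') + '`"`); `name.name` is escaped only because `Utils.checkTagOrTerm` now escapes, while the raw name in the attribute is exactly the pattern the commit fixes elsewhere. Use `_.escape(model.get('name'))` there and in the `else` branch that follows outside the hunk. `hrefUrl` is likewise concatenated unescaped into two `data-href` attributes.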
@@ -529,7 +529,7 @@ define(['require',
                     assetName = $(e.target).data("assetname"),
                     that = this,
                     modal = CommonViewFunction.deleteTagModel({
-                        msg: "<div class='ellipsis'>Delete: " + "<b>" + termName
+ "?</b></div>" +
+                        msg: "<div class='ellipsis'>Delete: " + "<b>" + _.escape(termName)
+ "?</b></div>" +
                             "<p class='termNote'>Assets mapped to this term will be
unclassified.</p>",
                         titleMessage: Messages.deleteTerm,
                         buttonText: "Delete"
@@ -615,7 +615,7 @@ define(['require',
                     var view = new AddTermLayoutView({
                         url: "/api/atlas/v1/taxonomies",
                         model: new that.parentCollection.model(),
-                        defaultTerm:true
+                        defaultTerm: true
                     });
                     var modal = new Modal({
                         title: 'Taxonomy',

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/detail_page/DetailPageLayoutView.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/views/detail_page/DetailPageLayoutView.js b/dashboardv2/public/js/views/detail_page/DetailPageLayoutView.js
index 4706ba3..336758d 100644
--- a/dashboardv2/public/js/views/detail_page/DetailPageLayoutView.js
+++ b/dashboardv2/public/js/views/detail_page/DetailPageLayoutView.js
@@ -155,7 +155,7 @@ define(['require',
                             this.description = collectionJSON[0].values.description;
                             if (this.name) {
                                 this.ui.title.show();
-                                var titleName = '<span>' + this.name + '</span>';
+                                var titleName = '<span>' + _.escape(this.name) + '</span>';
                                 if (this.readOnly) {
                                     titleName += '<button title="Deleted" class="btn btn-atlasAction
btn-atlas deleteBtn"><i class="fa fa-trash"></i> Deleted</button>';
                                 }
@@ -165,7 +165,7 @@ define(['require',
                             }
                             if (this.description) {
                                 this.ui.description.show();
-                                this.ui.description.html('<span>' + this.description
+ '</span>');
+                                this.ui.description.html('<span>' + _.escape(this.description)
+ '</span>');
                             } else {
                                 this.ui.description.hide();
                             }
@@ -201,13 +201,13 @@ define(['require',
                     that = this;
                 if (tagOrTerm === "term") {
                     var modal = CommonViewFunction.deleteTagModel({
-                        msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName
+ "</b> assignment from" + " " + "<b>" + this.name + "?</b></div>",
+                        msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName)
+ "</b> assignment from" + " " + "<b>" + this.name + "?</b></div>",
                         titleMessage: Messages.removeTerm,
                         buttonText: "Remove"
                     });
                 } else if (tagOrTerm === "tag") {
                     var modal = CommonViewFunction.deleteTagModel({
-                        msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName
+ "</b> assignment from" + " " + "<b>" + this.name + "?</b></div>",
+                        msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName)
+ "</b> assignment from" + " " + "<b>" + this.name + "?</b></div>",
                         titleMessage: Messages.removeTag,
                         buttonText: "Remove"
                     });
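Review bot: `tagName` is now escaped but `this.name` in the same message string (`"<b>" + this.name + "?</b>"`) is not, even though the @@ -155 hunk escapes that same field for the title. The same asymmetry — the asset name left raw next to the escaped tag name — appears in SchemaLayoutView.js and SearchResultLayoutView.js (`assetName`) and in TagDetailTableLayoutView.js @@ -178 (`this.assetName`). Escape both operands, e.g. `"<b>" + _.escape(this.name) + "?</b></div>"`. The `term` and `tag` branches differ only in `titleMessage`, so the message could be built once above the `if` rather than duplicated.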

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/schema/SchemaLayoutView.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/views/schema/SchemaLayoutView.js b/dashboardv2/public/js/views/schema/SchemaLayoutView.js
index 47a8464..4a2dfdd 100644
--- a/dashboardv2/public/js/views/schema/SchemaLayoutView.js
+++ b/dashboardv2/public/js/views/schema/SchemaLayoutView.js
@@ -412,13 +412,13 @@ define(['require',
                     that = this;
                 if (tagOrTerm === "term") {
                     var modal = CommonViewFunction.deleteTagModel({
-                        msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName
+ "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>",
+                        msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName)
+ "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>",
                         titleMessage: Messages.removeTerm,
                         buttonText: "Remove"
                     });
                 } else if (tagOrTerm === "tag") {
                     var modal = CommonViewFunction.deleteTagModel({
-                        msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName
+ "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>",
+                        msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName)
+ "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>",
                         titleMessage: Messages.removeTag,
                         buttonText: "Remove"
                     });

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/search/SearchResultLayoutView.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/views/search/SearchResultLayoutView.js b/dashboardv2/public/js/views/search/SearchResultLayoutView.js
index 2eca6a1..343cb1a 100644
--- a/dashboardv2/public/js/views/search/SearchResultLayoutView.js
+++ b/dashboardv2/public/js/views/search/SearchResultLayoutView.js
@@ -265,7 +265,7 @@ define(['require',
                         if (that.searchCollection.models.length) {
                             that.startRenderTableProcess();
                         }
-                        var resultData = 'Results for <b>' + that.searchCollection.queryParams.query
+ '</b>';
+                        var resultData = 'Results for <b>' + _.escape(that.searchCollection.queryParams.query)
+ '</b>';
                         var multiAssignDataTag = '<a href="javascript:void(0)" class="inputAssignTag
multiSelectTag assignTag" style="display:none" data-id="addAssignTag"><i class="fa fa-plus"></i>'
+ " " + 'Assign Tag</a>';
                         if (Globals.taxonomy) {
                             var multiAssignDataTerm = '<a href="javascript:void(0)" class="inputAssignTag
multiSelect" style="display:none" data-id="addTerm"><i class="fa fa-folder-o"></i>'
+ " " + 'Assign Term</a>';
@@ -615,13 +615,13 @@ define(['require',
                     that = this;
                 if (tagOrTerm === "term") {
                     var modal = CommonViewFunction.deleteTagModel({
-                        msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName
+ "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>",
+                        msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName)
+ "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>",
                         titleMessage: Messages.removeTerm,
                         buttonText: "Remove"
                     });
                 } else if (tagOrTerm === "tag") {
                     var modal = CommonViewFunction.deleteTagModel({
-                        msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName
+ "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>",
+                        msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName)
+ "</b> assignment from" + " " + "<b>" + assetName + " ?</b></div>",
                         titleMessage: Messages.removeTag,
                         buttonText: "Remove"
                     });

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/tag/CreateTagLayoutView.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/views/tag/CreateTagLayoutView.js b/dashboardv2/public/js/views/tag/CreateTagLayoutView.js
index 8ff076a..0530767 100644
--- a/dashboardv2/public/js/views/tag/CreateTagLayoutView.js
+++ b/dashboardv2/public/js/views/tag/CreateTagLayoutView.js
@@ -1,4 +1,3 @@
-
 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
@@ -72,7 +71,7 @@ define(['require',
                 if (this.create) {
                     this.tagCollectionList();
                 } else {
-                    this.ui.title.html('<span>' + this.tag + '</span>');
+                    this.ui.title.html('<span>' + _.escape(this.tag) + '</span>');
                 }
             },
             tagCollectionList: function() {

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/tag/TagAttributeDetailLayoutView.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/views/tag/TagAttributeDetailLayoutView.js b/dashboardv2/public/js/views/tag/TagAttributeDetailLayoutView.js
index e115f83..8f82064 100644
--- a/dashboardv2/public/js/views/tag/TagAttributeDetailLayoutView.js
+++ b/dashboardv2/public/js/views/tag/TagAttributeDetailLayoutView.js
@@ -45,6 +45,7 @@ define(['require',
                 addTagListBtn: '[data-id="addTagListBtn"]',
                 addTagtext: '[data-id="addTagtext"]',
                 addTagPlus: '[data-id="addTagPlus"]',
+                addTagBtn: '[data-id="addTagBtn"]',
                 description: '[data-id="description"]',
                 descriptionTextArea: '[data-id="descriptionTextArea"]',
                 publishButton: '[data-id="publishButton"]',
@@ -74,16 +75,17 @@ define(['require',
                 this.listenTo(this.tagCollection, 'reset', function() {
                     var that = this,
                         attributeData = "";
-                    _.each(this.tagCollection.models, function(attr) {
-                        var traitTypes = attr.get("traitTypes");
-                        if (traitTypes[0].typeDescription != null) {
-                            var descriptionValue = traitTypes[0].typeDescription;
-                            that.ui.description.html(descriptionValue);
-                        }
-                        _.each(traitTypes[0].attributeDefinitions, function(value, key) {
-                            attributeData += '<span class="inputAttribute">' + value.name
+ '</span>';
-                        });
+                    this.traitTypes = this.tagCollection.first().get("traitTypes")[0];
+                    if (this.traitTypes.typeDescription != null) {
+                        that.ui.description.text(this.traitTypes.typeDescription);
+                    }
+                    if (this.traitTypes.typeName != null) {
+                        that.ui.title.text(this.traitTypes.typeName);
+                    }
+                    _.each(this.traitTypes.attributeDefinitions, function(value, key) {
+                        attributeData += '<span class="inputAttribute">' + _.escape(value.name)
+ '</span>';
                     });
+
                     if (attributeData.length) {
                         that.ui.addTagtext.hide();
                         that.ui.addTagPlus.show();
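Review bot: `this.tagCollection.first().get("traitTypes")[0]` throws when the reset delivers an empty collection, whereas the removed `_.each` loop was a no-op in that case; `first()` returns `undefined` and the `.get` call fails inside the event handler. Guard before dereferencing, e.g. `var firstModel = this.tagCollection.first(); if (!firstModel) { return; }` followed by `this.traitTypes = firstModel.get("traitTypes")[0];`. `that` is still declared but the new lines use `this` directly, so one form should be used consistently. Moving description and title to `.text()` is the right call. The listener continues past the hunk.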
@@ -91,16 +93,21 @@ define(['require',
                     that.ui.showAttribute.html(attributeData);
                 }, this);
                 this.listenTo(this.tagCollection, 'error', function(error, response) {
+                    this.ui.addTagBtn.hide();
+                    this.ui.editButton.hide();
                     if (response.responseJSON && response.responseJSON.error) {
                         Utils.notifyError({
                             content: response.responseJSON.error
                         });
+                    } else {
+                        Utils.notifyError({
+                            content: "Something went wrong"
+                        });
                     }
 
                 }, this);
             },
             onRender: function() {
-                this.ui.title.html('<span>' + this.tag + '</span>');
                 this.ui.saveButton.attr("disabled", "true");
                 this.ui.publishButton.prop('disabled', true);
             },
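Review bot: With the `this.ui.title.html(...)` line removed from `onRender`, the tag name is written only in the `reset` handler, so when the fetch fails (the `error` branch above, which now also hides the buttons) the page shows no title at all. Assuming `this.tag` is still set in `initialize`, `this.ui.title.text(this.tag);` in `onRender` keeps the header without reintroducing `.html()`. The new `else` branch is a sensible fallback, and `Utils.notifyError` escapes the server-supplied `responseJSON.error`.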
@@ -141,7 +148,7 @@ define(['require',
                             }).open();
                         modal.on('ok', function() {
                             var attributeName = $(view.el).find("input").val();
-                            that.tagCollection.first().get('traitTypes')[0].attributeDefinitions.push({
+                            that.traitTypes.attributeDefinitions.push({
                                 "name": attributeName,
                                 "dataTypeName": "string",
                                 "multiplicity": "optional",
@@ -163,14 +170,14 @@ define(['require',
                 this.ui.editBox.hide();
             },
             textAreaChangeEvent: function(view, modal) {
-                if (view.tagCollection.first().get('traitTypes')[0].typeDescription == view.ui.description.val())
{
+                if (this.traitTypes.typeDescription == view.ui.description.val()) {
                     modal.$el.find('button.ok').prop('disabled', true);
                 } else {
                     modal.$el.find('button.ok').prop('disabled', false);
                 }
             },
             onPublishClick: function(view) {
-                view.tagCollection.first().get('traitTypes')[0].typeDescription = view.ui.description.val();
+                this.traitTypes.typeDescription = view.ui.description.val();
                 this.onSaveButton(this.tagCollection.first().toJSON(), Messages.updateTagDescriptionMessage);
                 this.ui.description.show();
             },
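Review bot: `textAreaChangeEvent` and `onPublishClick` now read `this.traitTypes` while still taking a `view` parameter for `view.ui.description`; if either is invoked as a detached callback, `this` is not the view and `this.traitTypes` is undefined. Either use `view.traitTypes` for symmetry with `view.ui`, or drop the `view` parameter and use `this.ui` throughout. The description comparison could also use `===` now that it is a plain string check.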

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/tag/TagDetailTableLayoutView.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/views/tag/TagDetailTableLayoutView.js b/dashboardv2/public/js/views/tag/TagDetailTableLayoutView.js
index 283b889..a3e3e5d 100644
--- a/dashboardv2/public/js/views/tag/TagDetailTableLayoutView.js
+++ b/dashboardv2/public/js/views/tag/TagDetailTableLayoutView.js
@@ -136,7 +136,7 @@ define(['require',
                                         var stringArr = [];
                                         tagValue = "";
                                         _.each(values, function(val, key) {
-                                            var attrName = "<span>" + key + ":" + val
+ "</span>";
+                                            var attrName = "<span>" + _.escape(key)
+ ":" + _.escape(val) + "</span>";
                                             stringArr.push(attrName);
                                         });
                                         tagValue += stringArr.join(", ");
@@ -178,13 +178,13 @@ define(['require',
                     that = this;
                 if (that.term) {
                     var modal = CommonViewFunction.deleteTagModel({
-                        msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName
+ "</b> assignment from" + " " + "<b>" + this.assetName + "?</b></div>",
+                        msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName)
+ "</b> assignment from" + " " + "<b>" + this.assetName + "?</b></div>",
                         titleMessage: Messages.removeTerm,
                         buttonText: "Remove",
                     });
                 } else {
                     var modal = CommonViewFunction.deleteTagModel({
-                        msg: "<div class='ellipsis'>Remove: " + "<b>" + tagName
+ "</b> assignment from" + " " + "<b>" + this.assetName + "?</b></div>",
+                        msg: "<div class='ellipsis'>Remove: " + "<b>" + _.escape(tagName)
+ "</b> assignment from" + " " + "<b>" + this.assetName + "?</b></div>",
                         titleMessage: Messages.removeTag,
                         buttonText: "Remove",
                     });
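Review bot: `tagName` is now escaped on L642 and L651, but `this.assetName` is concatenated into the same HTML message unescaped on L643 and L652, so the modal body is only half-covered by this change; the closing fragment should read `"<b>" + _.escape(this.assetName) + "?</b></div>"` in both branches. The two branches also build a byte-identical `msg` and differ only in `titleMessage`, so the message could be computed once above the `if` and reused. The enclosing function starts before L637, outside the hunk.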

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/dashboardv2/public/js/views/tag/addTagModalView.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/views/tag/addTagModalView.js b/dashboardv2/public/js/views/tag/addTagModalView.js
index 972997c..8cfe27d 100644
--- a/dashboardv2/public/js/views/tag/addTagModalView.js
+++ b/dashboardv2/public/js/views/tag/addTagModalView.js
@@ -156,7 +156,7 @@ define(['require',
             if (this.commonCollection.models[0] && this.commonCollection.models[0].attributes
&& this.commonCollection.models[0].attributes.traitTypes[0].attributeDefinitions)
{
                 for (var i = 0; i < this.commonCollection.models[0].attributes.traitTypes[0].attributeDefinitions.length;
i++) {
                     var attribute = this.commonCollection.models[0].attributes.traitTypes[0].attributeDefinitions;
-                    var strAttribute = '<div class="form-group"><label>' + attribute[i].name
+ '</label>' +
+                    var strAttribute = '<div class="form-group"><label>' + _.escape(attribute[i].name)
+ '</label>' +
                         '<input type="text" class="form-control attributeInputVal attrName"
data-key="' + attribute[i].name + '" ></input></div>';
                     this.ui.tagAttribute.append(strAttribute);
                 }
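Review bot: The label text is escaped on L672, but the same `attribute[i].name` is still written raw into the `data-key="…"` attribute on L675, where a double quote in the name would end the attribute value; `_.escape` also encodes `"`, so `data-key="' + _.escape(attribute[i].name) + '"` closes that gap in the same hunk. The repeated `this.commonCollection.models[0].attributes.traitTypes[0].attributeDefinitions` path on L664-L669 could be read once into `attribute` before the loop, which would also make the `for` condition readable. The enclosing method begins before L664, outside the hunk.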

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index ccb2a3a..2543526 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -32,6 +32,7 @@ ATLAS-409 Atlas will not import avro tables with schema read from a file
(dosset
 ATLAS-379 Create sqoop and falcon metadata addons (venkatnrangan,bvellanki,sowmyaramesh via
shwethags)
 
 ALL CHANGES:
+ATLAS-1402 fix UI input validation
 ATLAS-1192 Atlas IE support (kevalbhatt)
 ATLAS-1215 Atlas UI not working in firefox due to fix in ATLAS-1199 (kevalbhatt)
 ATLAS-1199 Atlas UI not loading after fresh build due to jquery-asBreadcrumbs plugin upgrade
(kevalbhatt via shwethags)

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/6681b948/webapp/src/main/webapp/login.jsp
----------------------------------------------------------------------
diff --git a/webapp/src/main/webapp/login.jsp b/webapp/src/main/webapp/login.jsp
index 465e4e8..78f0f97 100644
--- a/webapp/src/main/webapp/login.jsp
+++ b/webapp/src/main/webapp/login.jsp
@@ -36,6 +36,7 @@ Redirect();
   <head>
     <meta charset="utf-8">
     <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+    <meta http-equiv="X-Frame-Options" content="deny">
     <title>Atlas Login</title>
     <meta name="description" content="">
     <meta name="viewport" content="width=device-width">
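Review bot: The `<meta http-equiv="X-Frame-Options" content="deny">` added on L707 does not provide framing protection, because browsers only honour X-Frame-Options when it arrives as an HTTP response header and ignore it in a meta element. To protect the login page the header has to be set server-side, for example `response.setHeader("X-Frame-Options", "DENY");` in the JSP or, better, a filter that applies it to every response; `Content-Security-Policy: frame-ancestors 'none'` is the modern equivalent and can be sent alongside. The meta line itself is harmless but should not be relied on as the fix.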

