nifi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From joew...@apache.org
Subject [nifi] 01/02: NIFI-6766: - Ensuring policy label is properly escaped when populating the user's access policy listing. This closes #3804.
Date Thu, 10 Oct 2019 05:36:02 GMT
This is an automated email from the ASF dual-hosted git repository.

joewitt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git

commit 99e9010b323c7dadeca6abd1ea4635c944e7a526
Author: Matt Gilman <matt.c.gilman@gmail.com>
AuthorDate: Wed Oct 9 22:23:35 2019 -0400

    NIFI-6766:
    - Ensuring policy label is properly escaped when populating the user's access policy listing.
    This closes #3804.
    
    Signed-off-by: Joe Witt <joewitt@apache.org>
---
 .../nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js       | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js
index 9c6a522..43df22c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js
@@ -556,7 +556,7 @@
         }
 
         var subResource = nfCommon.substringAfterFirst(resource, '/restricted-components/');
-        return "Restricted components requiring '" + subResource + "'";
+        return "Restricted components requiring '" + nfCommon.escapeHtml(subResource) + "'";
     };
 
     /**
@@ -609,9 +609,9 @@
         }
 
         if (dataContext.component.componentReference.permissions.canRead === true) {
-            policyLabel += '<span style="font-weight: 500">' + dataContext.component.componentReference.component.name
+ '</span>';
+            policyLabel += '<span style="font-weight: 500">' + nfCommon.escapeHtml(dataContext.component.componentReference.component.name)
+ '</span>';
         } else {
-            policyLabel += '<span class="unset">' + dataContext.component.componentReference.id
+ '</span>'
+            policyLabel += '<span class="unset">' + nfCommon.escapeHtml(dataContext.component.componentReference.id)
+ '</span>'
         }
 
         return policyLabel;


Mime
View raw message