qpid-commits mailing list archives

From rgodf...@apache.org
Subject svn commit: r1482562 - in /qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid: authorization/ management/ management/accesscontrolprovider/ management/groupprovider/
Date Tue, 14 May 2013 20:27:20 GMT
Author: rgodfrey
Date: Tue May 14 20:27:19 2013
New Revision: 1482562

URL: http://svn.apache.org/r1482562
Log:
QPID-4841 : Ensure all data values returned through the REST API are properly sanitised before
displaying in HTML to prevent XSS attacks 

Modified:
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/AccessControlProvider.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/AuthenticationProvider.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Connection.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Exchange.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/GroupProvider.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/KeyStore.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Plugin.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Port.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Queue.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/TrustStore.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/VirtualHost.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/AclFile.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/controller.js
    qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/groupprovider/FileGroupManager.js

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
Tue May 14 20:27:19 2013
@@ -21,16 +21,17 @@
 
 require(["dojo/dom",
          "qpid/authorization/sasl",
-         "dojo/domReady!"], function(dom, sasl){
+         "dojox/html/entities",
+         "dojo/domReady!"], function(dom, sasl, entities){
 
 var updateUI = function updateUI(data)
 {
     if(data.user)
     {
-        dom.byId("authenticatedUser").innerHTML = data.user;
+        dom.byId("authenticatedUser").innerHTML = entities.encode(String(data.user));
         dom.byId("login").style.display = "block";
     }
 };
 
 sasl.getUser(updateUI);
-});
\ No newline at end of file
+});

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/AccessControlProvider.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/AccessControlProvider.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/AccessControlProvider.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/AccessControlProvider.js
Tue May 14 20:27:19 2013
@@ -29,10 +29,11 @@ define(["dojo/_base/xhr",
         "dojox/grid/EnhancedGrid",
         "dijit/registry",
         "dojo/_base/event",
+        "dojox/html/entities",
         "dojox/grid/enhanced/plugins/Pagination",
         "dojox/grid/enhanced/plugins/IndirectSelection",
         "dojo/domReady!"],
-       function (xhr, parser, query, connect, properties, updater, util, UpdatableStore,
EnhancedGrid, registry, event) {
+       function (xhr, parser, query, connect, properties, updater, util, UpdatableStore,
EnhancedGrid, registry, event, entities) {
 
            function AccessControlProvider(name, parent, controller) {
                this.name = name;
@@ -124,9 +125,9 @@ define(["dojo/_base/xhr",
 
            AccessControlProviderUpdater.prototype.updateHeader = function()
            {
-               this.name.innerHTML = this.accessControlProviderData[ "name" ];
-               this.type.innerHTML = this.accessControlProviderData[ "type" ];
-               this.state.innerHTML = this.accessControlProviderData[ "state" ];
+               this.name.innerHTML = entities.encode(String(this.accessControlProviderData[
"name" ]));
+               this.type.innerHTML = entities.encode(String(this.accessControlProviderData[
"type" ]));
+               this.state.innerHTML = entities.encode(String(this.accessControlProviderData[
"state" ]));
            };
 
            return AccessControlProvider;
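Review bot: The idiom `node.innerHTML = entities.encode(String(value))` is written out by hand at each of the three sinks in updateHeader, so one forgotten call at a future sink reintroduces the XSS this commit closes. The updateHeader hunks for AuthenticationProvider.js, Connection.js, Exchange.js, GroupProvider.js, KeyStore.js, Plugin.js, Port.js, Queue.js and TrustStore.js repeat the same idiom. A shared helper would keep the encoding in one reviewable place, for example a new function (say `setEncodedHtml(node, value)`) on the `util` module the callback already receives, with the body `node.innerHTML = entities.encode(String(value));`. Each call site then becomes `util.setEncodedHtml(this.name, this.accessControlProviderData["name"]);`. The helper should carry a short comment stating that values from the REST API are untrusted and must not reach innerHTML unencoded.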

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/AuthenticationProvider.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/AuthenticationProvider.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/AuthenticationProvider.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/AuthenticationProvider.js
Tue May 14 20:27:19 2013
@@ -31,10 +31,11 @@ define(["dojo/_base/xhr",
         "dojo/_base/event",
         "dijit/registry",
         "dojo/dom-style",
+        "dojox/html/entities",
         "dojox/grid/enhanced/plugins/Pagination",
         "dojox/grid/enhanced/plugins/IndirectSelection",
         "dojo/domReady!"],
-       function (xhr, parser, query, connect, properties, updater, util, UpdatableStore,
EnhancedGrid, addAuthenticationProvider, event, registry, domStyle) {
+       function (xhr, parser, query, connect, properties, updater, util, UpdatableStore,
EnhancedGrid, addAuthenticationProvider, event, registry, domStyle, entities) {
 
            function AuthenticationProvider(name, parent, controller) {
                this.name = name;
@@ -151,9 +152,9 @@ define(["dojo/_base/xhr",
            AuthProviderUpdater.prototype.updateHeader = function()
            {
                this.authenticationProvider.name = this.authProviderData[ "name" ]
-               this.name.innerHTML = this.authProviderData[ "name" ];
-               this.type.innerHTML = this.authProviderData[ "type" ];
-               this.state.innerHTML = this.authProviderData[ "state" ];
+               this.name.innerHTML = entities.encode(String(this.authProviderData[ "name"
]));
+               this.type.innerHTML = entities.encode(String(this.authProviderData[ "type"
]));
+               this.state.innerHTML = entities.encode(String(this.authProviderData[ "state"
]));
            };
 
            AuthProviderUpdater.prototype.update = function()

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js
Tue May 14 20:27:19 2013
@@ -28,6 +28,7 @@ define(["dojo/_base/xhr",
         "qpid/common/UpdatableStore",
         "dojox/grid/EnhancedGrid",
         "dijit/registry",
+        "dojox/html/entities",
         "qpid/management/addAuthenticationProvider",
         "qpid/management/addVirtualHost",
         "qpid/management/addPort",
@@ -44,7 +45,7 @@ define(["dojo/_base/xhr",
         "dijit/form/CheckBox",
         "dojo/store/Memory",
         "dojo/domReady!"],
-       function (xhr, parser, query, connect, properties, updater, util, UpdatableStore,
EnhancedGrid, registry, addAuthenticationProvider, addVirtualHost, addPort, addKeystore, addGroupProvider,
addAccessControlProvider) {
+       function (xhr, parser, query, connect, properties, updater, util, UpdatableStore,
EnhancedGrid, registry, entities, addAuthenticationProvider, addVirtualHost, addPort, addKeystore,
addGroupProvider, addAccessControlProvider) {
 
            function Broker(name, parent, controller) {
                this.name = name;
@@ -719,7 +720,7 @@ define(["dojo/_base/xhr",
                      {
                        container.style.display = "block";
                      }
-                     element.innerHTML = brokerData [propertyName];
+                     element.innerHTML = entities.encode(String(brokerData [propertyName]));
                    }
                    else
                    {
@@ -817,14 +818,14 @@ define(["dojo/_base/xhr",
            BrokerUpdater.prototype.showReadOnlyAttributes = function()
            {
                var brokerData = this.brokerData;
-               dojo.byId("brokerAttribute.name").innerHTML = brokerData.name;
-               dojo.byId("brokerAttribute.operatingSystem").innerHTML = brokerData.operatingSystem;
-               dojo.byId("brokerAttribute.platform").innerHTML = brokerData.platform;
-               dojo.byId("brokerAttribute.productVersion").innerHTML = brokerData.productVersion;
-               dojo.byId("brokerAttribute.modelVersion").innerHTML = brokerData.modelVersion;
-               dojo.byId("brokerAttribute.storeType").innerHTML = brokerData.storeType;
-               dojo.byId("brokerAttribute.storeVersion").innerHTML = brokerData.storeVersion;
-               dojo.byId("brokerAttribute.storePath").innerHTML = brokerData.storePath;
+               dojo.byId("brokerAttribute.name").innerHTML = entities.encode(String(brokerData.name));
+               dojo.byId("brokerAttribute.operatingSystem").innerHTML = entities.encode(String(brokerData.operatingSystem));
+               dojo.byId("brokerAttribute.platform").innerHTML = entities.encode(String(brokerData.platform));
+               dojo.byId("brokerAttribute.productVersion").innerHTML = entities.encode(String(brokerData.productVersion));
+               dojo.byId("brokerAttribute.modelVersion").innerHTML = entities.encode(String(brokerData.modelVersion));
+               dojo.byId("brokerAttribute.storeType").innerHTML = entities.encode(String(brokerData.storeType));
+               dojo.byId("brokerAttribute.storeVersion").innerHTML = entities.encode(String(brokerData.storeVersion));
+               dojo.byId("brokerAttribute.storePath").innerHTML = entities.encode(String(brokerData.storePath));
            }
 
            return Broker;
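Review bot: Wrapping every attribute in `String()` in showReadOnlyAttributes turns a missing value into visible text, because `String(undefined)` is "undefined" and `String(null)` is "null". Whether the REST response can omit or null fields such as `storePath` or `storeVersion` is not visible in this hunk, so treat that as an assumption to confirm. If it can, guard the optional fields the way KeyStore.js guards certificateAlias in this same commit, e.g. `brokerData.storePath != null ? entities.encode(String(brokerData.storePath)) : ""`. The same check is worth making for the other unguarded `entities.encode(String(...))` sinks added by this commit.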

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Connection.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Connection.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Connection.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Connection.js
Tue May 14 20:27:19 2013
@@ -27,8 +27,9 @@ define(["dojo/_base/xhr",
         "qpid/common/util",
         "qpid/common/formatter",
         "qpid/common/UpdatableStore",
+        "dojox/html/entities",
         "dojo/domReady!"],
-       function (xhr, parser, query, connect, properties, updater, util, formatter, UpdatableStore)
{
+       function (xhr, parser, query, connect, properties, updater, util, formatter, UpdatableStore,
entities) {
 
            function Connection(name, parent, controller) {
                this.name = name;
@@ -123,13 +124,13 @@ define(["dojo/_base/xhr",
 
            ConnectionUpdater.prototype.updateHeader = function()
            {
-              this.name.innerHTML = this.connectionData[ "name" ];
-              this.state.innerHTML = this.connectionData[ "state" ];
-              this.durable.innerHTML = this.connectionData[ "durable" ];
-              this.principal.innerHTML = this.connectionData[ "principal" ];
-              this.port.innerHTML = this.connectionData[ "port" ];
-              this.transport.innerHTML = this.connectionData[ "transport" ];
-              this.lifetimePolicy.innerHTML = this.connectionData[ "lifetimePolicy" ];
+              this.name.innerHTML = entities.encode(String(this.connectionData[ "name" ]));
+              this.state.innerHTML = entities.encode(String(this.connectionData[ "state"
]));
+              this.durable.innerHTML = entities.encode(String(this.connectionData[ "durable"
]));
+              this.principal.innerHTML = entities.encode(String(this.connectionData[ "principal"
]));
+              this.port.innerHTML = entities.encode(String(this.connectionData[ "port" ]));
+              this.transport.innerHTML = entities.encode(String(this.connectionData[ "transport"
]));
+              this.lifetimePolicy.innerHTML = entities.encode(String(this.connectionData[
"lifetimePolicy" ]));
 
            };
 

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Exchange.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Exchange.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Exchange.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Exchange.js
Tue May 14 20:27:19 2013
@@ -30,8 +30,9 @@ define(["dojo/_base/xhr",
         "qpid/common/UpdatableStore",
         "qpid/management/addBinding",
         "dojox/grid/EnhancedGrid",
+        "dojox/html/entities",
         "dojo/domReady!"],
-       function (xhr, parser, query, connect, registry, properties, updater, util, formatter,
UpdatableStore, addBinding, EnhancedGrid) {
+       function (xhr, parser, query, connect, registry, properties, updater, util, formatter,
UpdatableStore, addBinding, EnhancedGrid, entities) {
 
            function Exchange(name, parent, controller) {
                this.name = name;
@@ -191,10 +192,10 @@ define(["dojo/_base/xhr",
 
            ExchangeUpdater.prototype.updateHeader = function()
            {
-              this.name.innerHTML = this.exchangeData[ "name" ];
-              this.state.innerHTML = this.exchangeData[ "state" ];
-              this.durable.innerHTML = this.exchangeData[ "durable" ];
-              this.lifetimePolicy.innerHTML = this.exchangeData[ "lifetimePolicy" ];
+              this.name.innerHTML = entities.encode(String(this.exchangeData[ "name" ]));
+              this.state.innerHTML = entities.encode(String(this.exchangeData[ "state" ]));
+              this.durable.innerHTML = entities.encode(String(this.exchangeData[ "durable"
]));
+              this.lifetimePolicy.innerHTML = entities.encode(String(this.exchangeData[ "lifetimePolicy"
]));
 
            };
 

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/GroupProvider.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/GroupProvider.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/GroupProvider.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/GroupProvider.js
Tue May 14 20:27:19 2013
@@ -29,10 +29,11 @@ define(["dojo/_base/xhr",
         "dojox/grid/EnhancedGrid",
         "dijit/registry",
         "dojo/_base/event",
+        "dojox/html/entities",
         "dojox/grid/enhanced/plugins/Pagination",
         "dojox/grid/enhanced/plugins/IndirectSelection",
         "dojo/domReady!"],
-       function (xhr, parser, query, connect, properties, updater, util, UpdatableStore,
EnhancedGrid, registry, event) {
+       function (xhr, parser, query, connect, properties, updater, util, UpdatableStore,
EnhancedGrid, registry, event, entities) {
 
            function GroupProvider(name, parent, controller) {
                this.name = name;
@@ -133,9 +134,9 @@ define(["dojo/_base/xhr",
 
            GroupProviderUpdater.prototype.updateHeader = function()
            {
-               this.name.innerHTML = this.groupProviderData[ "name" ];
-               this.type.innerHTML = this.groupProviderData[ "type" ];
-               this.state.innerHTML = this.groupProviderData[ "state" ];
+               this.name.innerHTML = entities.encode(String(this.groupProviderData[ "name"
]));
+               this.type.innerHTML = entities.encode(String(this.groupProviderData[ "type"
]));
+               this.state.innerHTML = entities.encode(String(this.groupProviderData[ "state"
]));
            };
 
            GroupProviderUpdater.prototype.update = function()

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/KeyStore.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/KeyStore.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/KeyStore.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/KeyStore.js
Tue May 14 20:27:19 2013
@@ -24,13 +24,14 @@ define(["dojo/dom",
         "dojo/query",
         "dojo/_base/connect",
         "dijit/registry",
+        "dojox/html/entities",
         "qpid/common/properties",
         "qpid/common/updater",
         "qpid/common/util",
         "qpid/common/formatter",
         "qpid/management/addKeystore",
         "dojo/domReady!"],
-       function (dom, xhr, parser, query, connect, registry, properties, updater, util, formatter,
addKeystore) {
+       function (dom, xhr, parser, query, connect, registry, entities, properties, updater,
util, formatter, addKeystore) {
 
            function KeyStore(name, parent, controller, objectType) {
                this.keyStoreName = name;
@@ -118,11 +119,11 @@ define(["dojo/dom",
 
            KeyStoreUpdater.prototype.updateHeader = function()
            {
-              this.name.innerHTML = this.keyStoreData[ "name" ];
-              this.path.innerHTML = this.keyStoreData[ "path" ];
-              this.type.innerHTML = this.keyStoreData[ "type" ];
-              this.keyManagerFactoryAlgorithm.innerHTML = this.keyStoreData[ "keyManagerFactoryAlgorithm"
];
-              this.certificateAlias.innerHTML = this.keyStoreData[ "certificateAlias" ] ?
this.keyStoreData[ "certificateAlias" ] : "";
+              this.name.innerHTML = entities.encode(String(this.keyStoreData[ "name" ]));
+              this.path.innerHTML = entities.encode(String(this.keyStoreData[ "path" ]));
+              this.type.innerHTML = entities.encode(String(this.keyStoreData[ "type" ]));
+              this.keyManagerFactoryAlgorithm.innerHTML = entities.encode(String(this.keyStoreData[
"keyManagerFactoryAlgorithm" ]));
+              this.certificateAlias.innerHTML = this.keyStoreData[ "certificateAlias" ] ?
entities.encode(String( this.keyStoreData[ "certificateAlias" ])) : "";
            };
 
            KeyStoreUpdater.prototype.update = function()

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Plugin.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Plugin.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Plugin.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Plugin.js
Tue May 14 20:27:19 2013
@@ -27,8 +27,9 @@ define(["dojo/_base/xhr",
         "qpid/common/util",
         "dijit/registry",
         "dojo/_base/event",
+        "dojox/html/entities",
         "dojo/domReady!"],
-       function (xhr, parser, query, connect, properties, updater, util, registry, event)
{
+       function (xhr, parser, query, connect, properties, updater, util, registry, event,
entities) {
 
            function Plugin(name, parent, controller) {
                this.name = name;
@@ -88,8 +89,8 @@ define(["dojo/_base/xhr",
 
            PluginUpdater.prototype.updateHeader = function()
            {
-               this.name.innerHTML = this.pluginData[ "name" ];
-               this.type.innerHTML = this.pluginData[ "pluginType" ];
+               this.name.innerHTML = entities.encode(String(this.pluginData[ "name" ]));
+               this.type.innerHTML = entities.encode(String(this.pluginData[ "pluginType"
]));
            };
 
            return Plugin;

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Port.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Port.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Port.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Port.js
Tue May 14 20:27:19 2013
@@ -24,13 +24,14 @@ define(["dojo/dom",
         "dojo/query",
         "dojo/_base/connect",
         "dijit/registry",
+        "dojox/html/entities",
         "qpid/common/properties",
         "qpid/common/updater",
         "qpid/common/util",
         "qpid/common/formatter",
         "qpid/management/addPort",
         "dojo/domReady!"],
-       function (dom, xhr, parser, query, connect, registry, properties, updater, util, formatter,
addPort) {
+       function (dom, xhr, parser, query, connect, registry, entities, properties, updater,
util, formatter, addPort) {
 
            function Port(name, parent, controller) {
                this.name = name;
@@ -163,20 +164,20 @@ define(["dojo/dom",
                    var data = "<div>";
                    if (array) {
                        for(var i = 0; i < array.length; i++) {
-                           data+= "<div>" + array[i] + "</div>";
+                           data+= "<div>" + entities.encode(array[i]) + "</div>";
                        }
                    }
                    return data + "</div>";
                }
 
-              this.nameValue.innerHTML = this.keyStoreData[ "name" ];
-              this.stateValue.innerHTML = this.keyStoreData[ "state" ];
-              this.portValue.innerHTML = this.keyStoreData[ "port" ];
-              this.authenticationProviderValue.innerHTML = this.keyStoreData[ "authenticationProvider"
] ? this.keyStoreData[ "authenticationProvider" ] : "";
+              this.nameValue.innerHTML = entities.encode(String(this.keyStoreData[ "name"
]));
+              this.stateValue.innerHTML = entities.encode(String(this.keyStoreData[ "state"
]));
+              this.portValue.innerHTML = entities.encode(String(this.keyStoreData[ "port"
]));
+              this.authenticationProviderValue.innerHTML = this.keyStoreData[ "authenticationProvider"
] ? entities.encode(String(this.keyStoreData[ "authenticationProvider" ])) : "";
               this.protocolsValue.innerHTML = printArray( "protocols", this.keyStoreData);
               this.transportsValue.innerHTML = printArray( "transports", this.keyStoreData);
-              this.bindingAddressValue.innerHTML = this.keyStoreData[ "bindingAddress" ]
? this.keyStoreData[ "bindingAddress" ] : "" ;
-              this.keyStoreValue.innerHTML = this.keyStoreData[ "keyStore" ] ? this.keyStoreData[
"keyStore" ] : "";
+              this.bindingAddressValue.innerHTML = this.keyStoreData[ "bindingAddress" ]
? entities.encode(String(this.keyStoreData[ "bindingAddress" ])) : "" ;
+              this.keyStoreValue.innerHTML = this.keyStoreData[ "keyStore" ] ? entities.encode(String(this.keyStoreData[
"keyStore" ])) : "";
               this.needClientAuthValue.innerHTML = "<input type='checkbox' disabled='disabled'
"+(this.keyStoreData[ "needClientAuth" ] ? "checked='checked'": "")+" />" ;
               this.wantClientAuthValue.innerHTML = "<input type='checkbox' disabled='disabled'
"+(this.keyStoreData[ "wantClientAuth" ] ? "checked='checked'": "")+" />" ;
               this.trustStoresValue.innerHTML = printArray( "trustStores", this.keyStoreData);
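Review bot: In printArray the new call `entities.encode(array[i])` omits the `String()` coercion that every other sink in this hunk applies, so a non-string element (a number, for instance) is passed to the encoder unconverted. Whether `protocols`, `transports` or `trustStores` can hold non-string entries is not shown here, but the fix costs nothing: `data+= "<div>" + entities.encode(String(array[i])) + "</div>";`. Queue.js has the same inconsistency in `this.type.innerHTML = entities.encode(this.queueData[ "type" ]);`. printArray begins above this hunk, so its signature and the lookup of `array` are not visible.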

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Queue.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Queue.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Queue.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Queue.js
Tue May 14 20:27:19 2013
@@ -36,11 +36,12 @@ define(["dojo/_base/xhr",
         "dojo/store/JsonRest",
         "dojox/grid/EnhancedGrid",
         "dojo/data/ObjectStore",
+        "dojox/html/entities",
         "dojox/grid/enhanced/plugins/Pagination",
         "dojox/grid/enhanced/plugins/IndirectSelection",
         "dojo/domReady!"],
        function (xhr, parser, query, registry, connect, event, json, properties, updater,
util, formatter,
-                 UpdatableStore, addBinding, moveMessages, showMessage, JsonRest, EnhancedGrid,
ObjectStore) {
+                 UpdatableStore, addBinding, moveMessages, showMessage, JsonRest, EnhancedGrid,
ObjectStore, entities) {
 
            function Queue(name, parent, controller) {
                this.name = name;
@@ -331,29 +332,29 @@ define(["dojo/_base/xhr",
            {
 
                var bytesDepth;
-               this.name.innerHTML = this.queueData[ "name" ];
-               this.state.innerHTML = this.queueData[ "state" ];
-               this.durable.innerHTML = this.queueData[ "durable" ];
-               this.lifetimePolicy.innerHTML = this.queueData[ "lifetimePolicy" ];
-               this.alternateExchange.innerHTML = this.queueData[ "alternateExchange" ] ?
this.queueData[ "alternateExchange" ]: "" ;
+               this.name.innerHTML = entities.encode(String(this.queueData[ "name" ]));
+               this.state.innerHTML = entities.encode(String(this.queueData[ "state" ]));
+               this.durable.innerHTML = entities.encode(String(this.queueData[ "durable"
]));
+               this.lifetimePolicy.innerHTML = entities.encode(String(this.queueData[ "lifetimePolicy"
]));
+               this.alternateExchange.innerHTML = this.queueData[ "alternateExchange" ] ?
entities.encode(String(this.queueData[ "alternateExchange" ])) : "" ;
 
-               this.queueDepthMessages.innerHTML = this.queueData["queueDepthMessages"];
+               this.queueDepthMessages.innerHTML = entities.encode(String(this.queueData["queueDepthMessages"]));
                bytesDepth = formatter.formatBytes( this.queueData["queueDepthBytes"] );
                this.queueDepthBytes.innerHTML = "(" + bytesDepth.value;
                this.queueDepthBytesUnits.innerHTML = bytesDepth.units + ")";
 
-               this.unacknowledgedMessages.innerHTML = this.queueData["unacknowledgedMessages"];
+               this.unacknowledgedMessages.innerHTML = entities.encode(String(this.queueData["unacknowledgedMessages"]));
                bytesDepth = formatter.formatBytes( this.queueData["unacknowledgedBytes"]
);
                this.unacknowledgedBytes.innerHTML = "(" + bytesDepth.value;
                this.unacknowledgedBytesUnits.innerHTML = bytesDepth.units + ")";
-               this.type.innerHTML = this.queueData[ "type" ];
+               this.type.innerHTML = entities.encode(this.queueData[ "type" ]);
                if (this.queueData.type == "standard")
                {
                    this.typeQualifier.style.display = "none";
                }
                else
                {
-                   this.typeQualifier.innerHTML = "(" + queueTypeKeyNames[this.queueData.type]
+ ": " + this.queueData[queueTypeKeys[this.queueData.type]] + ")";
+                   this.typeQualifier.innerHTML = entities.encode("(" + queueTypeKeyNames[this.queueData.type]
+ ": " + this.queueData[queueTypeKeys[this.queueData.type]] + ")");
                }
 
            };
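Review bot: The byte-count sinks in this function are still assigned unencoded, in `this.queueDepthBytes.innerHTML = "(" + bytesDepth.value;` and the matching `bytesDepth.units`, `unacknowledgedBytes` and `unacknowledgedBytesUnits` lines. These values originate from REST fields (`queueDepthBytes`, `unacknowledgedBytes`) and pass through `formatter.formatBytes`, which is not shown, so it cannot be confirmed from this hunk that the output is always numeric or a fixed unit string. Since the log message promises that all REST values are sanitised, encode them as well, e.g. `this.queueDepthBytes.innerHTML = "(" + entities.encode(String(bytesDepth.value));`. The next Queue.js hunk leaves `alertQueueDepth.value` and `alertQueueDepth.units` unencoded in the same way. The function body starts above this hunk.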
@@ -400,7 +401,7 @@ define(["dojo/_base/xhr",
                        thisObj.alertThresholdQueueDepthBytes.innerHTML = alertQueueDepth.value;
                        thisObj.alertThresholdQueueDepthBytesUnits.innerHTML = alertQueueDepth.units;
 
-                       thisObj.alertThresholdQueueDepthMessages.innerHTML = thisObj.queueData["alertThresholdQueueDepthMessages"];
+                       thisObj.alertThresholdQueueDepthMessages.innerHTML = entities.encode(String(thisObj.queueData["alertThresholdQueueDepthMessages"]));
 
                        var sampleTime = new Date();
                        var messageIn = thisObj.queueData["totalEnqueuedMessages"];

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/TrustStore.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/TrustStore.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/TrustStore.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/TrustStore.js
Tue May 14 20:27:19 2013
@@ -24,13 +24,14 @@ define(["dojo/dom",
         "dojo/query",
         "dojo/_base/connect",
         "dijit/registry",
+        "dojox/html/entities",
         "qpid/common/properties",
         "qpid/common/updater",
         "qpid/common/util",
         "qpid/common/formatter",
         "qpid/management/addKeystore",
         "dojo/domReady!"],
-       function (dom, xhr, parser, query, connect, registry, properties, updater, util, formatter,
addKeystore) {
+       function (dom, xhr, parser, query, connect, registry, entities, properties, updater,
util, formatter, addKeystore) {
 
            function TrustStore(name, parent, controller) {
                this.keyStoreName = name;
@@ -118,10 +119,10 @@ define(["dojo/dom",
 
            KeyStoreUpdater.prototype.updateHeader = function()
            {
-              this.name.innerHTML = this.keyStoreData[ "name" ];
-              this.path.innerHTML = this.keyStoreData[ "path" ];
-              this.type.innerHTML = this.keyStoreData[ "type" ];
-              this.trustManagerFactoryAlgorithm.innerHTML = this.keyStoreData[ "trustManagerFactoryAlgorithm"
];
+              this.name.innerHTML = entities.encode(String(this.keyStoreData[ "name" ]));
+              this.path.innerHTML = entities.encode(String(this.keyStoreData[ "path" ]));
+              this.type.innerHTML = entities.encode(String(this.keyStoreData[ "type" ]));
+              this.trustManagerFactoryAlgorithm.innerHTML = entities.encode(String(this.keyStoreData[
"trustManagerFactoryAlgorithm" ]));
               this.peersOnly.innerHTML = "<input type='checkbox' disabled='disabled' "+(this.keyStoreData[
"peersOnly" ] ? "checked='checked'": "")+" />" ;
            };
 

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/VirtualHost.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/VirtualHost.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/VirtualHost.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/VirtualHost.js
Tue May 14 20:27:19 2013
@@ -23,6 +23,7 @@ define(["dojo/_base/xhr",
         "dojo/query",
         "dojo/_base/connect",
         "dijit/registry",
+        "dojox/html/entities",
         "qpid/common/properties",
         "qpid/common/updater",
         "qpid/common/util",
@@ -32,7 +33,7 @@ define(["dojo/_base/xhr",
         "qpid/management/addExchange",
         "dojox/grid/EnhancedGrid",
         "dojo/domReady!"],
-       function (xhr, parser, query, connect, registry, properties, updater, util, formatter,
UpdatableStore, addQueue, addExchange, EnhancedGrid) {
+       function (xhr, parser, query, connect, registry, entities, properties, updater, util,
formatter, UpdatableStore, addQueue, addExchange, EnhancedGrid) {
 
            function VirtualHost(name, parent, controller) {
                this.name = name;
@@ -240,13 +241,13 @@ define(["dojo/_base/xhr",
 
            Updater.prototype.updateHeader = function()
            {
-               this.name.innerHTML = this.vhostData[ "name" ];
-               this.state.innerHTML = this.vhostData[ "state" ];
-               this.durable.innerHTML = this.vhostData[ "durable" ];
-               this.lifetimePolicy.innerHTML = this.vhostData[ "lifetimePolicy" ];
-               this.storeType.innerHTML = this.vhostData[ "storeType" ];
-               this.storePath.innerHTML = this.vhostData[ "storePath" ];
-               this.configPath.innerHTML = this.vhostData[ "configPath" ];
+               this.name.innerHTML = entities.encode(String(this.vhostData[ "name" ]));
+               this.state.innerHTML = entities.encode(String(this.vhostData[ "state" ]));
+               this.durable.innerHTML = entities.encode(String(this.vhostData[ "durable"
]));
+               this.lifetimePolicy.innerHTML = entities.encode(String(this.vhostData[ "lifetimePolicy"
]));
+               this.storeType.innerHTML = entities.encode(String(this.vhostData[ "storeType"
]));
+               this.storePath.innerHTML = entities.encode(String(this.vhostData[ "storePath"
]));
+               this.configPath.innerHTML = entities.encode(String(this.vhostData[ "configPath"
]));
            };
 
            Updater.prototype.update = function()
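Review bot: `String(...)` turns a missing or null attribute into the literal text `undefined` or `null`, which `updateHeader` then writes into the header. Optional fields such as `storePath` and `configPath` look like the likely cases, though the REST payload is not visible here. A small shared helper would handle that in one place and make the encoding harder to forget when a field is added, for example (the name is only a suggestion) `function encodeValue(v) { return v == null ? "" : entities.encode(String(v)); }`. The same `entities.encode(String(...))` repetition is in `KeyStoreUpdater.prototype.updateHeader` in TrustStore.js. A short comment such as `// encode() needs a string; REST values may be boolean or numeric` would also explain why the coercion is there.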
@@ -287,7 +288,7 @@ define(["dojo/_base/xhr",
                        thisObj.alertThresholdQueueDepthBytes.innerHTML = alertQueueDepth.value;
                        thisObj.alertThresholdQueueDepthBytesUnits.innerHTML = alertQueueDepth.units;
 
-                       thisObj.alertThresholdQueueDepthMessages.innerHTML = thisObj.vhostData["queue.alertThresholdQueueDepthMessages"];
+                       thisObj.alertThresholdQueueDepthMessages.innerHTML = entities.encode(String(thisObj.vhostData["queue.alertThresholdQueueDepthMessages"]));
 
                        var stats = thisObj.vhostData[ "statistics" ];
 

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/AclFile.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/AclFile.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/AclFile.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/AclFile.js
Tue May 14 20:27:19 2013
@@ -28,6 +28,7 @@ define(["dojo/_base/xhr",
         "dojo/_base/event",
         "dojo/_base/json",
         "dijit/registry",
+        "dojox/html/entities",
         "qpid/common/util",
         "qpid/common/properties",
         "qpid/common/updater",
@@ -43,7 +44,7 @@ define(["dojo/_base/xhr",
         "dijit/form/Form",
         "dijit/form/DateTextBox",
         "dojo/domReady!"],
-    function (xhr, dom, parser, query, construct, connect, win, event, json, registry, util,
properties, updater, UpdatableStore, EnhancedGrid) {
+    function (xhr, dom, parser, query, construct, connect, win, event, json, registry, entities,
util, properties, updater, UpdatableStore, EnhancedGrid) {
         function AclFile(containerNode, aclProviderObj, controller) {
             var node = construct.create("div", null, containerNode, "last");
             var that = this;
@@ -85,7 +86,7 @@ define(["dojo/_base/xhr",
                   if (data[0])
                   {
                     that.aclProviderData = data[0];
-                    that.path.innerHTML = that.aclProviderData.path;
+                    that.path.innerHTML = entities.encode(String(that.aclProviderData.path));
                   }
                 });
 

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/controller.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/controller.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/controller.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/controller.js
Tue May 14 20:27:19 2013
@@ -21,6 +21,7 @@
 define(["dojo/dom",
         "dijit/registry",
         "dijit/layout/ContentPane",
+        "dojox/html/entities",
         "qpid/management/Broker",
         "qpid/management/VirtualHost",
         "qpid/management/Exchange",
@@ -36,7 +37,7 @@ define(["dojo/dom",
         "qpid/management/Plugin",
         "dojo/ready",
         "dojo/domReady!"],
-       function (dom, registry, ContentPane, Broker, VirtualHost, Exchange, Queue, Connection,
AuthProvider,
+       function (dom, registry, ContentPane, entities, Broker, VirtualHost, Exchange, Queue,
Connection, AuthProvider,
                  GroupProvider, Group, KeyStore, TrustStore, AccessControlProvider, Port,
Plugin, ready) {
            var controller = {};
 
@@ -86,7 +87,7 @@ define(["dojo/dom",
                        this.viewedObjects[ objId ] = obj;
 
                        var contentPane = new ContentPane({ region: "center" ,
-                                                           title: obj.getTitle(),
+                                                           title: entities.encode(obj.getTitle()),
                                                            closable: true,
                                                            onClose: function() {
                                                                obj.close();
@@ -113,4 +114,4 @@ define(["dojo/dom",
 
 
            return controller;
-       });
\ No newline at end of file
+       });

Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/groupprovider/FileGroupManager.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/groupprovider/FileGroupManager.js?rev=1482562&r1=1482561&r2=1482562&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/groupprovider/FileGroupManager.js
(original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/groupprovider/FileGroupManager.js
Tue May 14 20:27:19 2013
@@ -28,6 +28,7 @@ define(["dojo/_base/xhr",
         "dojo/_base/event",
         "dojo/_base/json",
         "dijit/registry",
+        "dojox/html/entities",
         "qpid/common/util",
         "qpid/common/properties",
         "qpid/common/updater",
@@ -43,7 +44,7 @@ define(["dojo/_base/xhr",
         "dijit/form/Form",
         "dijit/form/DateTextBox",
         "dojo/domReady!"],
-    function (xhr, dom, parser, query, construct, connect, win, event, json, registry, util,
properties, updater, UpdatableStore, EnhancedGrid) {
+    function (xhr, dom, parser, query, construct, connect, win, event, json, registry, entities,
util, properties, updater, UpdatableStore, EnhancedGrid) {
         function DatabaseGroupManager(containerNode, groupProviderObj, controller) {
             var node = construct.create("div", null, containerNode, "last");
             var that = this;
@@ -176,7 +177,7 @@ define(["dojo/_base/xhr",
             xhr.get({url: this.query, sync: properties.useSyncGet, handleAs: "json"})
                 .then(function(data) {
                     that.groupProviderData = data[0];
-                    that.path.innerHTML = that.groupProviderData.path;
+                    that.path.innerHTML = entities.encode(String(that.groupProviderData.path));
                     util.flattenStatistics( that.groupProviderData );
 
                     that.groupsGrid.update(that.groupProviderData.groups);
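Review bot: `data[0]` is dereferenced on the changed line without checking that the response held an entry, so if the query returns an empty array, `that.groupProviderData.path` throws inside the `then` callback and the rest of the update is skipped. AclFile.js in this same commit guards the equivalent assignment with `if (data[0])`. Adding `if (!data[0]) { return; }` before `that.groupProviderData = data[0];` would keep the two providers consistent. The callback continues past the end of the hunk.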


