Fixed JS injection vulnerability.

JavaScript in the user's full name or username was executed when adding
that user to a project.
2017-05-24 16:32:05 +02:00
parent 85b6ff2d7f
commit 12a8a34bdc


@@ -198,31 +198,50 @@ script.
} }
}); });
});
function addUser(userId){ function addUser(userId){
if (userId && userId.length > 0) { if (!userId || userId.length == 0) {
statusBarSet('error', 'Please select a user from the list', 'pi-warning');
return;
}
$.post("{{url_for('projects.sharing', project_url=project.url)}}", $.post("{{url_for('projects.sharing', project_url=project.url)}}",
{user_id: userId, action: 'add'}) {user_id: userId, action: 'add'})
.done(function (data) { .done(function (data) {
var $ul = $("ul.sharing-users-list");
var $li = $('<li>')
.addClass('sharing-users-item added')
.attr('user-id', data._id)
.appendTo($ul);
var $div = $('<div>')
.addClass('sharing-users-avatar')
.appendTo($li);
$('<img>')
.attr('src', data.avatar)
.attr('alt', 'Avatar')
.appendTo($div);
$("ul.sharing-users-list").prepend('' + $div = $('<div>')
'<li class="sharing-users-item" user-id="' + data._id + '">' + .addClass('sharing-users-details')
'<div class="sharing-users-avatar">' + .appendTo($li);
'<img src="' + data.avatar + '">'+ $('<span>')
'</div>' + .addClass('sharing-users-name')
'<div class="sharing-users-details">' + .text(data.full_name)
'<span class="sharing-users-name">' + data.full_name + '</span>' + .appendTo($div);
'<span class="sharing-users-extra">' + data.username + '</span>' + $('<span>')
'</div>' + .addClass('sharing-users-extra')
'<div class="sharing-users-action">' + .text(data.username)
'<button title="Remove this user from your project" class="user-remove">'+ .appendTo($div);
'<i class="pi-trash"></i>'+
'</button>'+ $div = $('<div>')
'</div>'+ .addClass('sharing-users-action')
'</li>'); .appendTo($li);
var $button = $('<button>')
.addClass('user-remove')
.attr('title', 'Remove this user from your project')
.appendTo($div);
$('<i>').addClass('pi-trash').appendTo($button);
$("ul.sharing-users-list").find("[user-id='" + userId + "']").addClass('added');
setTimeout(function(){ $('.sharing-users-item').removeClass('added');}, 350); setTimeout(function(){ $('.sharing-users-item').removeClass('added');}, 350);
statusBarSet('success', 'User added to this project!', 'pi-grin'); statusBarSet('success', 'User added to this project!', 'pi-grin');
}) })
@@ -230,14 +249,7 @@ script.
data = jsxhr.responseJSON; data = jsxhr.responseJSON;
statusBarSet('error', 'Could not add user (' + data.message + ')', 'pi-warning'); statusBarSet('error', 'Could not add user (' + data.message + ')', 'pi-warning');
}); });
} else {
statusBarSet('error', 'Please select a user from the list', 'pi-warning');
} }
};
});
| {% endif %} | {% endif %}
script. script.
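Review bot: The rebuilt `.done` handler places the new item with `.appendTo($ul)`, while the removed code used `$("ul.sharing-users-list").prepend(...)`, so a newly shared user now lands at the bottom of the list instead of the top; if that is unintended, `.prependTo($ul)` restores the previous placement without touching the injection fix. The guard in the new `addUser` uses loose equality, `if (!userId || userId.length == 0) {`, which should be `if (!userId || userId.length === 0) {`. In the second hunk the unchanged `.fail` branch still concatenates the server-supplied `data.message` into `statusBarSet(...)`; whether that is a further HTML sink depends on how `statusBarSet` renders its text, which is not visible here, so it is worth confirming it uses a text setter rather than markup. That branch also assumes `jsxhr.responseJSON` is defined, which presumably fails with a TypeError on a non-JSON error response, e.g. `var data = jsxhr.responseJSON || {};` before reading `data.message`. The `$.post` chain is split across the two hunks, with the `.fail(...)` opening outside the visible lines.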