SONAR-4269 Fix XSS in configuration of dashboard

author Simon Brandhof <simon.brandhof@gmail.com>

Mon, 12 Aug 2013 16:14:08 +0000 (18:14 +0200)

committer Simon Brandhof <simon.brandhof@gmail.com>

Mon, 12 Aug 2013 16:14:08 +0000 (18:14 +0200)
author Simon Brandhof <simon.brandhof@gmail.com>
Mon, 12 Aug 2013 16:14:08 +0000 (18:14 +0200)
committer Simon Brandhof <simon.brandhof@gmail.com>
Mon, 12 Aug 2013 16:14:08 +0000 (18:14 +0200)
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb

index 310216edab045d790ee7d54a6bb8f317ca568910..9ffb899f05efea60f7fff68904e3c24eb9f4fdb2 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb
@@ -64,7 +64,7 @@
    function init_dashboard() {
      portal = new Portal(options);
    <% if params[:highlight] %>
-    portal.highlightWidget(<%= params[:highlight] -%>);
+    portal.highlightWidget(<%= escape_javascript(params[:highlight]) -%>);
    <% end %>
    }
    $j(document).ready(function(){init_dashboard();});
author	Simon Brandhof <simon.brandhof@gmail.com>
	Mon, 12 Aug 2013 16:14:08 +0000 (18:14 +0200)
committer	Simon Brandhof <simon.brandhof@gmail.com>
	Mon, 12 Aug 2013 16:14:08 +0000 (18:14 +0200)