* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
+import escapeHtml from 'escape-html';
import ModalFormView from '../../components/common/modal-form';
import Template from './templates/coding-rules-bulk-change-modal.hbs';
import { translateWithParameters } from '../../helpers/l10n';
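Review bot: `escape-html` is imported here for the first time, and again in the other touched files (L47, L69, L85, L101, L126, L142), but no `package.json` or lockfile change is visible in this diff. If the package is only reachable as a transitive dependency of something else, an unrelated upgrade can drop it and every one of these escaping call sites fails at build time; confirm it is listed under `dependencies` with an explicit range before this lands. Checking that the imported module is the same `escape-html` the rest of the bundle resolves to (not a shadowed local module) is worth a moment too.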
const profileBase = this.options.app.qualityProfiles.find(p => p.key === profile);
const message = translateWithParameters(
'coding_rules.bulk_change.success',
- profileBase.name,
- profileBase.language,
+ escapeHtml(profileBase.name),
+ escapeHtml(profileBase.language),
succeeded
);
this.ui.messagesContainer.append(`<div class="alert alert-success">${message}</div>`);
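Review bot: The success branch here and the warning branch at L18–L27 repeat the same lookup of `profileBase` and the same two `escapeHtml` calls; a small helper such as `const escapedProfile = p => [escapeHtml(p.name), escapeHtml(p.language)];` spread into both `translateWithParameters` calls would keep the two message sites from diverging when a third field is added. `succeeded` (and `failed` at L26) still go into the message unescaped, which is fine only if they are numeric counts — worth confirming, since the result is appended as raw HTML on L17. Both enclosing functions start outside their hunks.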
const profileBase = this.options.app.qualityProfiles.find(p => p.key === profile);
const message = translateWithParameters(
'coding_rules.bulk_change.warning',
- profileBase.name,
- profileBase.language,
+ escapeHtml(profileBase.name),
+ escapeHtml(profileBase.language),
succeeded,
failed
);
this.$('#coding-rules-bulk-change-profile').select2({
width: '250px',
minimumResultsForSearch: 1,
- openOnEnter: false
+ openOnEnter: false,
+ escapeMarkup: markup => markup
});
},
}
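Review bot: `escapeMarkup: markup => markup` on L33 turns select2's own escaping off for this widget, which is the opposite of what the other widgets in this change do (`escapeMarkup: escapeHtml` at L55, L78, L94, L109, L135); it is only safe because the profile names fed to this select are pre-escaped in the profile list (L41), and that dependency is invisible at this call site. Either escape at render time like the other widgets and drop the pre-escaping, or leave the reason next to the option, e.g. `// identity on purpose: profile names are already HTML-escaped upstream; escaping again would double-encode them`. With the identity function every string select2 renders for this element must be trusted, so any future option text that is not pre-escaped would be inserted as markup. The enclosing function starts outside the hunk.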
return profiles
.filter(profile => profile.actions && profile.actions.edit)
- .filter(profile => !profile.isBuiltIn);
+ .filter(profile => !profile.isBuiltIn)
+ .map(profile => ({ ...profile, name: escapeHtml(profile.name) }));
},
serializeData() {
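Review bot: Escaping `name` inside the data returned on L41 mixes presentation encoding into model data: every consumer now has to know the field is already HTML. A Handlebars template that renders it with `{{name}}` (auto-escaped) will double-encode it so users see literal `&lt;` sequences, and any consumer that uses the name outside HTML (an attribute, a plain-text label, a comparison) gets the wrong value — unless the template deliberately uses `{{{name}}}`, which I cannot see from here. The safer shape is to keep the data raw and escape at the render site, as the select2 hunks elsewhere in this change do; if the pre-escaping must stay, rename the field or add a comment on L41 stating that `name` is HTML-escaped. The enclosing function starts outside the hunk.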
*/
import $ from 'jquery';
import Backbone from 'backbone';
+import escapeHtml from 'escape-html';
import ModalForm from '../../../components/common/modal-form';
import Template from '../templates/rule/coding-rules-profile-activation.hbs';
import { csvEscape } from '../../../helpers/csv';
this.ui.qualityProfileSelect.select2({
width: '250px',
- minimumResultsForSearch: 5
+ minimumResultsForSearch: 5,
+ escapeMarkup: escapeHtml,
+ formatResult: result => result.text
});
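Review bot: The pair `escapeMarkup: escapeHtml, formatResult: result => result.text` (L55–L56) may not actually escape the dropdown entries: in select2 3.x, which the `formatResult` option and the `select2('val', …)` call at L112 suggest is in use, `escapeMarkup` is only consulted by the default `formatResult`/`formatSelection`, and the return value of a custom `formatResult` is inserted into the result element as markup without further escaping. If that is the bundled version, returning `result.text` bypasses the new `escapeMarkup` entirely; either drop the custom `formatResult` so the default (which already routes through `escapeMarkup`) applies, or escape explicitly with `formatResult: result => escapeHtml(result.text)`. Please verify this against the select2 build shipped with the app before merging; the same pair appears at L78–L79, L94–L95, L109–L110 and L135–L136. The enclosing function starts outside the hunk.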
const that = this;
const availableProfiles = this.getAvailableQualityProfiles(this.options.rule.get('lang'));
const contextProfile = this.options.app.state.get('query').qprofile;
- // decrease depth by 1, so the top level starts at 0
+ // decrease depth by 1, so the top level starts at 0, and escape name to prevent xss
const profilesWithDepth = sortProfiles(availableProfiles).map(profile => ({
...profile,
depth: profile.depth - 1
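Review bot: The rewritten comment on L62 says the name is escaped here, but nothing in the visible part of this map does so — the literal only spreads `profile` and adjusts `depth` (the object literal continues past the hunk, so the escape may well be further down or inside `getAvailableQualityProfiles` on L59). If it lives elsewhere, point the reader at the real location rather than attaching the claim to the depth adjustment, e.g. `// depth is shifted so the top level is 0; the name is HTML-escaped where the profiles are loaded (getAvailableQualityProfiles)`. Spelling out `prevent xss` as `HTML-escape the name so it is safe inside the select2 option markup` also tells a future maintainer which sink the escaping is for.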
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
import $ from 'jquery';
+import escapeHtml from 'escape-html';
import { difference, union } from 'lodash';
import Marionette from 'backbone.marionette';
import RuleFilterMixin from './rule-filter-mixin';
tags => {
this.ui.tagInput.select2({
tags: difference(difference(tags, this.model.get('tags')), this.model.get('sysTags')),
- width: '300px'
+ width: '300px',
+ escapeMarkup: escapeHtml,
+ formatResult: result => result.text
});
this.ui.tagsEdit.removeClass('hidden');
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
+import escapeHtml from 'escape-html';
import ModalForm from '../../components/common/modal-form';
import Metrics from '../metrics/metrics';
import Template from './templates/custom-measures-form.hbs';
this.$('[data-toggle="tooltip"]').tooltip({ container: 'body', placement: 'bottom' });
this.$('#create-custom-measure-metric').select2({
width: '250px',
- minimumResultsForSearch: 20
+ minimumResultsForSearch: 20,
+ escapeMarkup: escapeHtml,
+ formatResult: result => result.text
});
},
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
import $ from 'jquery';
+import escapeHtml from 'escape-html';
import ModalForm from '../../components/common/modal-form';
import Template from './templates/metrics-form.hbs';
return { id: item, text: item };
});
options.callback({ results, more: false });
- }
+ },
+ escapeMarkup: escapeHtml,
+ formatResult: result => result.text
})
.select2('val', this.model && this.model.get('domain'));
this.$('#create-metric-type').select2({ width: '250px' });
onRender() {
ModalForm.prototype.onRender.apply(this, arguments);
this.$('[data-toggle="tooltip"]').tooltip({ container: 'body', placement: 'bottom' });
- this.$('#create-custom-measure-metric').select2({
- width: '250px',
- minimumResultsForSearch: 20
- });
},
onDestroy() {
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
+import escapeHtml from 'escape-html';
import ModalForm from '../../../../components/common/modal-form';
import { applyTemplateToProject, getPermissionTemplates } from '../../../../api/permissions';
import Template from '../templates/ApplyTemplateTemplate.hbs';
ModalForm.prototype.onRender.apply(this, arguments);
this.$('#project-permissions-template').select2({
width: '250px',
- minimumResultsForSearch: 20
+ minimumResultsForSearch: 20,
+ escapeMarkup: escapeHtml,
+ formatResult: result => result.text
});
},
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
+import escapeHtml from 'escape-html';
import ModalView from './modals';
export default ModalView.extend({
const container = this.ui.messagesContainer.empty();
if (Array.isArray(errors)) {
errors.forEach(error => {
- const html = `<div class="alert alert-danger">${error.msg}</div>`;
+ const html = `<div class="alert alert-danger">${escapeHtml(error.msg)}</div>`;
container.append(html);
});
}
if (Array.isArray(warnings)) {
warnings.forEach(warn => {
- const html = `<div class="alert alert-warning">${warn.msg}</div>`;
+ const html = `<div class="alert alert-warning">${escapeHtml(warn.msg)}</div>`;
container.append(html);
});
}
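Review bot: The two loops (L147–L151 and L154–L158) differ only in the alert class and the source array; a local helper `appendAlert(level, msg)` that builds the `alert alert-${level}` div around `escapeHtml(msg)` and appends it to `container` would make the escaping a single point of truth, so the next message category added here cannot forget it. As far as I recall `escape-html` stringifies its argument, so a missing `msg` still renders as the text `undefined`, exactly as before the change; if `error.msg` or `warn.msg` can legitimately be absent, `escapeHtml(error.msg ?? '')` or skipping the entry would be cleaner. The enclosing method starts outside the hunk.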