From: Stas Vilchik Date: Wed, 15 Oct 2014 13:33:35 +0000 (+0200) Subject: SSF-21 XSS vulnerability on Measures page X-Git-Tag: 4.5.1-RC1~27 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=83df107f0e400048a12cc1cac0863f495d64550c;p=sonarqube.git SSF-21 XSS vulnerability on Measures page
---
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/measures/search.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/measures/search.html.erb
index 397b575f01d..168c56d5b9e 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/measures/search.html.erb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/measures/search.html.erb
@@ -106,8 +106,8 @@ var queryParams = [
- { key: 'qualifiers[]', value: <%= @filter.criteria['qualifiers'].to_json -%> },
- { key: 'alertLevels[]', value: <%= @filter.criteria['alertLevels'].to_json -%> },
+ { key: 'qualifiers[]', value: <%= json_escape(@filter.criteria['qualifiers'].to_json) -%> },
+ { key: 'alertLevels[]', value: <%= json_escape(@filter.criteria['alertLevels'].to_json) -%> },
 { key: 'fromDate', value: '<%= h @filter.criteria['fromDate'] -%>' },
 { key: 'toDate', value: '<%= h @filter.criteria['toDate'] -%>' },
 { key: 'ageMinDays', value: '<%= h @filter.criteria('ageMinDays') -%>' },
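Review bot: The three context lines at the end of the hunk (`fromDate`, `toDate`, `ageMinDays`) still place `h`-escaped values inside single-quoted JavaScript string literals, which is HTML encoding applied in a JavaScript-string context. `h` does not escape backslashes or newlines, and depending on the Rails version it may not escape `'` either, so a criteria value could still terminate the literal unless those fields are validated upstream (not visible here). I would encode them for the context they land in, e.g. `{ key: 'fromDate', value: '<%= escape_javascript(@filter.criteria['fromDate']) -%>' },`, and likewise for the other two. It is also worth confirming that `json_escape` on the Rails version in use leaves the double quotes of the JSON intact, since older implementations are reported to strip them. The `queryParams` array continues past the end of the hunk, so any further entries there need the same check.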