From: Stas Vilchik Date: Tue, 29 Sep 2015 12:01:50 +0000 (+0200) Subject: SONAR-6877 SONAR-6878 Fix XSS X-Git-Tag: 5.2-RC1~208 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=e314496d2198c3d827dd7baa7ec1c8fe5a4f6fb1;p=sonarqube.git SONAR-6877 SONAR-6878 Fix XSS --- diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb index 249a17f2a08..8a798237370 100644 --- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb +++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb @@ -59,7 +59,7 @@ function init_dashboard() { portal = new Portal(options); <% if params[:highlight] %> - portal.highlightWidget(<%= escape_javascript(params[:highlight]) -%>); + portal.highlightWidget('<%= escape_javascript(params[:highlight]) -%>'); <% end %> } $j(document).ready(function(){init_dashboard();}); diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/server_id_configuration/index.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/server_id_configuration/index.html.erb index e953a41fe6f..6e7bb79fa36 100644 --- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/server_id_configuration/index.html.erb +++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/server_id_configuration/index.html.erb @@ -8,7 +8,7 @@ <% if @server_id %>
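Review bot: In configure.html.erb the new `portal.highlightWidget('<%= escape_javascript(params[:highlight]) -%>');` passes a string where the old line emitted a bare literal, which suggests the parameter was meant to be a numeric widget id. If so, coercing it server-side is stricter than escaping and keeps the argument type unchanged, e.g. `portal.highlightWidget(<%= params[:highlight].to_i -%>);`. If arbitrary strings must stay allowed, a one-line ERB comment above the call, such as `<%# highlight is request-controlled: keep it inside the quoted, escape_javascript'd literal %>`, would stop a later edit from dropping the quotes again. It is also worth confirming that the `escape_javascript` helper in this Rails version escapes U+2028/U+2029, since older versions leave them raw and they terminate a string literal in pre-ES2019 engines. The body of `init_dashboard` appears to begin before the hunk's visible lines, so how `options` is built is not reviewable here.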


- <%= @server_id -%> + <%= h @server_id -%> <% if @bad_id %> <%= message('server_id_configuration.bad_key') -%> <% end %> @@ -23,7 +23,7 @@

<%= message('server_id_configuration.organisation.title') -%>

- +

<%= message('server_id_configuration.organisation.desc') -%>

<%= message('server_id_configuration.organisation.pattern') -%> @@ -34,7 +34,7 @@

<%= message('server_id_configuration.ip.title') -%>

- +

<%= message('server_id_configuration.ip.desc') -%>