From 550899a13480fae40988025213459617c56450b4 Mon Sep 17 00:00:00 2001
From: Julien Lancelot
Date: Tue, 27 Aug 2013 12:15:37 +0200
Subject: [PATCH] SONAR-4269 Escape rule name to prevent XSS
---
 .../src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb | 2 +-
 .../src/main/webapp/WEB-INF/app/views/issue/_rule.html.erb | 4 ++--
 .../main/webapp/WEB-INF/app/views/rules/_show_modal.html.erb | 4 ++--
 .../src/main/webapp/WEB-INF/app/views/rules/show.html.erb | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb
index f8901aa0ee4..6e1cb2eeeed 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb
@@ -1,4 +1,4 @@
-
+
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_rule.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_rule.html.erb
index 279ccb735a8..a0165ac138f 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_rule.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_rule.html.erb
@@ -13,7 +13,7 @@ <% end %>
- <%= @rule.plugin_name -%> + <%= h @rule.plugin_name -%>  <%= image_tag 'sep12.png' -%>  - <%= @rule.plugin_rule_key -%> + <%= h @rule.plugin_rule_key -%>
\ No newline at end of file
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/rules/_show_modal.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/rules/_show_modal.html.erb
index f86cba607ad..8ccefcb5c1d 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/rules/_show_modal.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/rules/_show_modal.html.erb
@@ -1,7 +1,7 @@ <% if @rule %>
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/rules/show.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/rules/show.html.erb
index ab37ce9e1df..2258fdd293e 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/rules/show.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/rules/show.html.erb
@@ -1,5 +1,5 @@
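Review bot: Only `plugin_name` and `plugin_rule_key` are escaped in this hunk of _rule.html.erb (old lines 13–19), while the commit subject is about the rule name; if this partial also prints `@rule.name` or the rule description outside those lines, those `<%=` calls remain unescaped after this change and need the same `h`. The need for an explicit `h` shows these templates do not auto-escape, so the safe rule is every `<%=` of a rule-supplied field in this partial, not only the two touched here. The same `name : key` rendering is repeated in show.html.erb (hunk `@@ -12,7 +12,7 @@`); a small view helper built on `h`, e.g. `rule_key_label(rule)` returning the escaped pair, would keep the escaping in one place instead of two. The `\ No newline at end of file` marker shows the partial still ends without a trailing newline, harmless but worth fixing while the file is touched.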
-

<%= @rule.name %>

+

<%= h @rule.name %>

<% unless @rule.ready? %>
<% if @rule.beta? %>
@@ -12,7 +12,7 @@
-<%= @rule.plugin_name -%> : <%= @rule.plugin_rule_key -%>
+<%= h @rule.plugin_name -%> : <%= h @rule.plugin_rule_key -%>
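Review bot: `h` is the right escaper for the HTML text context visible in both show.html.erb hunks (`<%= h @rule.name %>` and `<%= h @rule.plugin_name -%> : <%= h @rule.plugin_rule_key -%>`), but it is only sufficient if these values are not reused in another context elsewhere in the view; the context lines around the second hunk were lost in this rendering, so that cannot be confirmed here. If `@rule.name` or the key is also interpolated into an inline `<script>` block or an `on*` attribute in this template, that occurrence needs `escape_javascript` (or a `data-` attribute read by the script) rather than `h`. A view test that renders a rule whose name contains a `<` character and asserts the output contains `&lt;` would pin this fix and catch any future `<%=` added without `h`. The enclosing markup of both hunks is not visible here, so the element the name lands in is inferred.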
-- 2.39.5