author | Simon Brandhof <simon.brandhof@gmail.com> | 2013-10-29 12:31:32 +0100 |
committer | Simon Brandhof <simon.brandhof@gmail.com> | 2013-10-29 12:31:32 +0100 |
commit | b97adae28a2ca77cd77d296d173bdcefaa1de37c (patch) | |
tree | 93ac8fe12bca902da903d44b66e5aea78857e42e | |
parent | ef8b36dc567f80e0a334e6fc7254a59f7e2dc9d8 (diff) | |
Fix XSS vulnerabilities in manual rules
3 files changed, 11 insertions, 11 deletions
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/manual_rules/_create_form.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/manual_rules/_create_form.html.erb
index 3a7350ae605..060c12253d0 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/manual_rules/_create_form.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/manual_rules/_create_form.html.erb
@@ -7,16 +7,16 @@
 <div class="modal-body">
 <% if @error %>
- <p class="error"><%= @error -%></p>
+ <p class="error"><%= h @error -%></p>
 <% end %>
 <div class="modal-field">
- <label for="manual_rules[]">Name<em class="mandatory">*</em>:</label>
+ <label for="manual_rules[]">Name <em class="mandatory">*</em></label>
 <input type="text" name="name" value=""/>
 <br/>
 <span class="desc">Ex. : Performance</span>
 </div>
 <div class="modal-field">
- <label for="manual_rules[]">Description:</label>
+ <label for="manual_rules[]">Description <em class="mandatory">*</em></label>
 <textarea rows="5" cols="25" name="description"></textarea>
 <br/>
 </div>
@@ -32,4 +32,4 @@
 <script>
 $j("#manual-rules-form").modalForm();
-</script>
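Review bot: The rewritten `<label for="manual_rules[]">` lines in this hunk still reference an id that no control in the form carries — the name input and the description textarea only have `name` attributes — so the labels are not bound to their fields (clicking the label does not focus the control, and assistive technology gets no association). Give each control an id and point the label at it, e.g. `<label for="manual_rule_name">Name <em class="mandatory">*</em></label>` with `<input type="text" id="manual_rule_name" name="name" value=""/>` (the id value is a placeholder to choose); the same `for` values recur in the _edit_form.html.erb hunk and should be fixed there too. The mandatory marker added to Description is only visual; whether an empty description is rejected server-side is not visible in this diff.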
\ No newline at end of file
+</script>
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/manual_rules/_edit_form.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/manual_rules/_edit_form.html.erb
index a09e22f07dc..5dec7c24663 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/manual_rules/_edit_form.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/manual_rules/_edit_form.html.erb
@@ -2,23 +2,23 @@
 <form action="<%= ApplicationController.root_context -%>/manual_rules/edit" method="POST" id="manual-rules-form">
 <fieldset>
 <div class="modal-head">
- <h2>Edit Manual Rule: <%= @rule.name -%></h2>
+ <h2>Edit Manual Rule: <%= h @rule.name -%></h2>
 </div>
 <div class="modal-body">
 <% if @error %>
- <p class="error"><%= @error -%></p>
+ <p class="error"><%= h @error -%></p>
 <% end %>
 <input type="hidden" name="id" value="<%= @rule.id -%>"/>
 <div class="modal-field">
- <label for="manual_rules[]">Name<em class="mandatory">*</em>:</label>
+ <label for="manual_rules[]">Name <em class="mandatory">*</em></label>
 <input type="text" name="name" value="<%= h @rule.name -%>"/>
 <br/>
 <span class="desc">Ex. : Performance</span>
 </div>
 <div class="modal-field">
- <label for="manual_rules[]">Description:</label>
- <textarea rows="5" cols="25" name="description"><%= h(@rule.description) -%></textarea>
+ <label for="manual_rules[]">Description <em class="mandatory">*</em></label>
+ <textarea rows="5" cols="25" name="description"><%= h @rule.description -%></textarea>
 <br/>
 </div>
 </div>
@@ -33,4 +33,4 @@
 <script>
 $j("#manual-rules-form").modalForm();
-</script>
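Review bot: After this hunk the one interpolation left unescaped in the edit form is `value="<%= @rule.id -%>"` on the hidden input, a few lines below the newly escaped error paragraph. That is only safe while `@rule.id` is always an integer, which the template cannot guarantee on its own; writing it as `value="<%= h @rule.id -%>"` costs nothing and leaves the form uniformly escaped, so a later edit does not have to work out which fields were considered trusted. The `<form>` opening tag is the first hunk line, but the template continues past the end of the hunk.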
\ No newline at end of file
+</script>
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/manual_rules/index.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/manual_rules/index.html.erb
index 8925d722f31..4c271d550eb 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/manual_rules/index.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/manual_rules/index.html.erb
@@ -37,7 +37,7 @@
 <%= link_to_action message('delete'), "#{ApplicationController.root_context}/manual_rules/delete/#{rule.id}",
 :class => 'link-action link-red',
- :id => "delete_#{u(rule.key)}",
+ :id => "delete_#{rule.key.parameterize}",
 :confirm_button => message('delete'),
 :confirm_title => 'Delete rule: '+rule.name,
 :confirm_msg => 'Are you sure?', |
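Review bot: `:confirm_title => 'Delete rule: '+rule.name` still hands the raw rule name to the helper, while the same commit escapes `@rule.name` in the edit form header; whether `link_to_action` escapes its `:confirm_title` option before emitting it into markup or the confirmation dialog is not visible here. If it does not, this is the same class of defect the commit fixes elsewhere, and `:confirm_title => 'Delete rule: ' + h(rule.name),` closes it. Separately, `rule.key.parameterize` in place of `u(rule.key)` gives a cleaner DOM id but is lossy — two keys that differ only in characters parameterize strips would produce duplicate ids — so if anything selects these elements by id, confirm rule keys stay distinct after parameterizing. The `link_to_action` argument list continues past the end of the hunk.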