authorJulien Lancelot <julien.lancelot@gmail.com>2013-02-20 15:21:17 +0100
committerJulien Lancelot <julien.lancelot@gmail.com>2013-02-20 15:21:17 +0100
commit443caadddc3de95f78134616334705a0b0a0c8e2 (patch)
tree3d204cee4789c9f847c7b661b133b57b21f8c248
parente7c5bad012f4798d5e8c9b9c15bb18990202ed0f (diff)
downloadsonarqube-443caadddc3de95f78134616334705a0b0a0c8e2.tar.gz
sonarqube-443caadddc3de95f78134616334705a0b0a0c8e2.zip
SONAR-4012 added html escape in violations widget link and gwt javascript
-rw-r--r--sonar-server/src/main/webapp/WEB-INF/app/helpers/application_helper.rb3
-rw-r--r--sonar-server/src/main/webapp/WEB-INF/app/views/gwt/_base.html.erb2
-rw-r--r--sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_breadcrumb.html.erb4
3 files changed, 5 insertions, 4 deletions
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/helpers/application_helper.rb b/sonar-server/src/main/webapp/WEB-INF/app/helpers/application_helper.rb
index eee3e619126..58e7081283c 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/helpers/application_helper.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/helpers/application_helper.rb
@@ -233,7 +233,8 @@ module ApplicationHelper
url=options[:url]
link_class=''
end
- html="<a href='#{url}' class='#{link_class}' rel='#{link_rel}' title='#{link_rel}'>#{html}</a>"
+ # Do not put url between simple quotes to prevent problem if url contain simple quote
+ html='<a href="'+ url +'"'+ " class='#{link_class}' rel='#{link_rel}' title='#{link_rel}'>#{html}</a>"
end
end
html
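Review bot: The new line on the `+ html='<a href="'+ url ...` line still interpolates `url` into the attribute without escaping, so switching the delimiter from `'` to `"` only moves the break-out character: a url containing `"` (e.g. `"><script>`) still terminates the `href` attribute. Escape the value for attribute context rather than changing the quoting, e.g. `html = "<a href=\"#{h(url)}\" class='#{link_class}' rel='#{link_rel}' title='#{link_rel}'>#{html}</a>"`, which also makes the quoting comment unnecessary. Attribute escaping does not neutralise a `javascript:` scheme; whether `options[:url]` can come from user input is not visible here and should be checked at the call sites. `link_class` and `link_rel` are also interpolated raw, though from L24 they appear to be set internally. The enclosing helper method starts before this hunk.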
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/gwt/_base.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/gwt/_base.html.erb
index a7c83fa0c8c..4ed50332007 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/gwt/_base.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/gwt/_base.html.erb
@@ -20,7 +20,7 @@
index=0
params.each do |key,value|
%>
- <%= ',' if index>0 -%>"<%= key -%>":"<%= value -%>"
+ <%= ',' if index>0 -%>"<%= key -%>":"<%= h(value) -%>"
<%
index+=1
end
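Review bot: On the `+ <%= ',' if index>0 -%>"<%= key -%>":"<%= h(value) -%>"` line, `h()` is an HTML-context escaper but the output is a double-quoted JavaScript/JSON string value, so it leaves backslashes untouched (a trailing `\` still swallows the closing quote) and entity-encodes `&`, `<`, `>`, `"` as `&amp;` etc., which the script then receives literally instead of the original value. The `key` on the same line is still emitted unescaped; if `params` here is the request params hash rather than a local passed to the partial, keys are attacker-controlled too. Use the JS-string escaper for both, e.g. `<%= ',' if index>0 -%>"<%= escape_javascript(key.to_s) -%>":"<%= escape_javascript(value.to_s) -%>"`, which escapes `\`, quotes, newlines and `</`. The surrounding `<script>` block is not visible in the hunk, so confirm the emitted text really is a JS string literal.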
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_breadcrumb.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_breadcrumb.html.erb
index 1cef8792693..5f71bcf1464 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_breadcrumb.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/layouts/_breadcrumb.html.erb
@@ -1,4 +1,4 @@
-<%
+<%
displayed_resource = @resource || @project
%>
@@ -37,7 +37,7 @@
<% end %>
</ul>
</div>
-
+
<% elsif displayed_resource %>
<div id="crumbs">