author | Stas Vilchik <vilchiks@gmail.com> | 2015-09-29 14:01:50 +0200 |
---|---|---|
committer | Stas Vilchik <vilchiks@gmail.com> | 2015-09-29 14:01:56 +0200 |
commit | e314496d2198c3d827dd7baa7ec1c8fe5a4f6fb1 (patch) | |
tree | f35b18dd308a65d8e7625d51aa8ebb2ed4646d8e /server/sonar-web/src/main/webapp | |
parent | ae8cfc366beb622ea95e2b6654bbc6d404764f02 (diff) | |
SONAR-6877 SONAR-6878 Fix XSS
Diffstat (limited to 'server/sonar-web/src/main/webapp')
-rw-r--r-- | server/sonar-web/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb | 2 | ||||
-rw-r--r-- | server/sonar-web/src/main/webapp/WEB-INF/app/views/server_id_configuration/index.html.erb | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb index 249a17f2a08..8a798237370 100644 --- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb +++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb @@ -59,7 +59,7 @@ function init_dashboard() { portal = new Portal(options); <% if params[:highlight] %> - portal.highlightWidget(<%= escape_javascript(params[:highlight]) -%>); + portal.highlightWidget('<%= escape_javascript(params[:highlight]) -%>'); <% end %> } $j(document).ready(function(){init_dashboard();}); diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/server_id_configuration/index.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/server_id_configuration/index.html.erb index e953a41fe6f..6e7bb79fa36 100644 --- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/server_id_configuration/index.html.erb +++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/server_id_configuration/index.html.erb @@ -8,7 +8,7 @@ <% if @server_id %> <p> <br/> - <span class="<%= @bad_id ? 'error' : 'notice' -%>" id="server_id"><big><%= @server_id -%></big></span> + <span class="<%= @bad_id ? 'error' : 'notice' -%>" id="server_id"><big><%= h @server_id -%></big></span> <% if @bad_id %> <span class="error"><%= message('server_id_configuration.bad_key') -%></span> <% end %> @@ -23,7 +23,7 @@ <h3><%= message('server_id_configuration.organisation.title') -%></h3> </th> <td> - <input type="text" name="organisation" value="<%= @organisation -%>" size="50"/> + <input type="text" name="organisation" value="<%= h @organisation -%>" size="50"/> <br/> <p class="marginbottom10"><%= message('server_id_configuration.organisation.desc') -%></p> <span class="note"><%= message('server_id_configuration.organisation.pattern') -%></span> 
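Review bot: The fix in `portal.highlightWidget('<%= escape_javascript(params[:highlight]) -%>');` relies entirely on `escape_javascript` neutralising every character that can end a single-quoted literal inside an inline script, and it turns the argument into a string on every request. If widget ids are numeric (not visible in this hunk), coercing on the server, e.g. `portal.highlightWidget(<%= params[:highlight].to_i -%>);`, would remove that dependency and keep the argument a number. Otherwise an ERB comment above the line, such as `<%# quotes are required: escape_javascript only protects inside a JS string literal %>`, would stop a later edit from dropping them again. `init_dashboard` begins before the hunk, so how `highlightWidget` uses the value cannot be checked here.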
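Review bot: The `h` calls added in this file (`<big><%= h @server_id -%></big>` here, and the `organisation` and `address` inputs in the hunks at -23 and -34) escape at each call site only, so any other output of the same variables stays unprotected unless its author remembers the helper. For the two `value="..."` attributes the protection also depends on the attribute staying double-quoted, since `h` may not encode a single quote in this Rails version (worth confirming). A one-line ERB comment next to the inputs, such as `<%# user-supplied: keep h and the double-quoted attribute %>`, would record that. Validating `organisation` against the documented pattern in the controller, which is outside this diff, would add a second layer.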
@@ -34,7 +34,7 @@
 <h3><%= message('server_id_configuration.ip.title') -%></h3>
 </th>
 <td>
- <input type="text" name="address" value="<%= @address -%>"/>
+ <input type="text" name="address" value="<%= h @address -%>"/>
 <p class="marginbottom10"><%= message('server_id_configuration.ip.desc') -%></p>
 <ul class="marginbottom10 bullet">
 <% @valid_addresses.each_with_index do |ip_address, index| %> |
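Review bot: The `@valid_addresses.each_with_index` loop opened on the last context line renders `ip_address` outside this hunk, so it is not visible whether that output is escaped like the `address` input patched just above it. If the loop body prints `ip_address` with a bare `<%= ... %>`, it should get the same `h` call for consistency. That holds even if the values come from the server's own interfaces, which is an assumption because the source of `@valid_addresses` is not shown.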