author | Julien Lancelot <julien.lancelot@gmail.com> | 2013-08-27 12:15:37 +0200 |
committer | Julien Lancelot <julien.lancelot@gmail.com> | 2013-08-27 12:15:37 +0200 |
commit | 550899a13480fae40988025213459617c56450b4 (patch) | |
tree | e30ae0365fa95dcf0f4bbe5c949c3db15af9f3f8 /sonar-server/src/main/webapp | |
parent | 5b3813ad31de4d301f3fdb53ed8173b775b59c82 (diff) | |
SONAR-4269 Escape rule name to prevent XSS
Diffstat (limited to 'sonar-server/src/main/webapp')
4 files changed, 7 insertions, 7 deletions
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb
index f8901aa0ee4..6e1cb2eeeed 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb
@@ -1,4 +1,4 @@
-<div class="code-issue" data-issue-key="<%= issue.key -%>" data-issue-component="<%= issue.componentKey() -%>" data-issue-rule="<%= issue.ruleKey().toString() -%>">
+<div class="code-issue" data-issue-key="<%= issue.key -%>" data-issue-component="<%= issue.componentKey() -%>" data-issue-rule="<%= u issue.ruleKey().toString() -%>">
 <div class="code-issue-name">
 <div style="float: right">
 <a href="#" onclick="return openIssuePopup(this)" class="issue-permalink"><img src="<%= ApplicationController.root_context -%>/images/new-window-16.gif"></a>
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_rule.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_rule.html.erb
index 279ccb735a8..a0165ac138f 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_rule.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_rule.html.erb
@@ -13,7 +13,7 @@
 <% end %>
 <div class="note">
- <%= @rule.plugin_name -%>
+ <%= h @rule.plugin_name -%>
 <%= image_tag 'sep12.png' -%>
- <a href="#" onclick="return openIssueRulePopup(this)"><%= @rule.plugin_rule_key -%></a>
+ <a href="#" onclick="return openIssueRulePopup(this)"><%= h @rule.plugin_rule_key -%></a>
 </div>
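Review bot: `u` on the new `data-issue-rule` value is the URL-encoding helper rather than the HTML escaper, so it stops attribute break-out only as a side effect of percent-encoding `"` and `<`, and it presumably also rewrites the value itself (a key such as `squid:S1234` would be emitted as `squid%3AS1234`), which any script reading that attribute now has to decode. For an HTML attribute the intended helper is `h`, i.e. `data-issue-rule="<%= h issue.ruleKey().toString() -%>"`. The two neighbouring attributes on the same line, `data-issue-key="<%= issue.key -%>"` and `data-issue-component="<%= issue.componentKey() -%>"`, are still emitted raw; if component keys can contain characters chosen by whoever runs an analysis, they deserve the same escaping. The `<div class="code-issue">` element opened here continues past the end of the hunk.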
\ No newline at end of file
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/rules/_show_modal.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/rules/_show_modal.html.erb
index f86cba607ad..8ccefcb5c1d 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/rules/_show_modal.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/rules/_show_modal.html.erb
@@ -1,7 +1,7 @@
 <% if @rule %>
 <div class="modal-head">
 <h2 class="rule-title">
- <%= @rule.name %>
+ <%= h @rule.name %>
 </h2>
 <% unless @rule.ready? %>
 <div class="rule-status">
@@ -13,7 +13,7 @@
 </div>
 <% end %>
 <ul class="modal-head-metadata">
- <li><%= @rule.plugin_name -%> : <%= @rule.plugin_rule_key -%></li>
+ <li><%= h @rule.plugin_name -%> : <%= h @rule.plugin_rule_key -%></li>
 </ul>
 </div>
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/rules/show.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/rules/show.html.erb
index ab37ce9e1df..2258fdd293e 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/rules/show.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/rules/show.html.erb
@@ -1,5 +1,5 @@
 <div>
- <h1 class="rule-title"><%= @rule.name %></h1>
+ <h1 class="rule-title"><%= h @rule.name %></h1>
 <% unless @rule.ready? %>
 <div class="rule-status">
 <% if @rule.beta? %>
@@ -12,7 +12,7 @@
 </div>
 <div class="subtitle">
-<%= @rule.plugin_name -%> : <%= @rule.plugin_rule_key -%>
+<%= h @rule.plugin_name -%> : <%= h @rule.plugin_rule_key -%>
 </div>
 <div class="rule_detail"> |
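Review bot: Adding `h` call by call, as the `<h2 class="rule-title">` and `modal-head-metadata` hunks of _show_modal.html.erb do, is the opt-in escaping model that let these four templates ship unescaped in the first place, so the fix is only as complete as the search that found them. If the Rails version this app runs on supports default output escaping (the `rails_xss` plugin, or Rails 3's `html_safe` model), switching the application to it would make raw output the exception that has to be marked explicitly; I cannot tell the Rails version from this diff, so treat that as a follow-up to confirm. Until then a one-line comment at the top of the partial, `<%# rule name, plugin name and key come from plugin metadata: always HTML-escape them with h (SONAR-4269) %>`, records why the helper is required so the next field added here does not drop it. Both hunks sit inside the `<% if @rule %>` block, whose `end` is outside the hunk.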
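Review bot: The escaping in show.html.erb stops at `<div class="subtitle">`; the second hunk ends on the opening `<div class="rule_detail">`, and whatever is rendered inside it is not visible in this diff, so this change does not show whether the rest of the rule's fields get the same treatment, which is worth checking before closing the ticket. A short comment above the `<h1>`, `<%# rule metadata is supplied by plugins, not trusted input: keep it HTML-escaped (SONAR-4269) %>`, would tell a later editor why `h` is there, since nothing in the template otherwise marks these values as untrusted. Minor style point: `<%= h @rule.name %>` on the `<h1>` line uses the plain `%>` closer while the subtitle line uses `-%>`; inside an inline element it makes no visible difference, but picking one form keeps the file consistent.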