From e314496d2198c3d827dd7baa7ec1c8fe5a4f6fb1 Mon Sep 17 00:00:00 2001
From: Stas Vilchik
Date: Tue, 29 Sep 2015 14:01:50 +0200
Subject: SONAR-6877 SONAR-6878 Fix XSS
---
 .../src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb | 2 +-
 .../webapp/WEB-INF/app/views/server_id_configuration/index.html.erb | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb
index 249a17f2a08..8a798237370 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb
@@ -59,7 +59,7 @@ function init_dashboard() { portal = new Portal(options); <% if params[:highlight] %>
- portal.highlightWidget(<%= escape_javascript(params[:highlight]) -%>);
+ portal.highlightWidget('<%= escape_javascript(params[:highlight]) -%>');
 <% end %> } $j(document).ready(function(){init_dashboard();});
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/server_id_configuration/index.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/server_id_configuration/index.html.erb
index e953a41fe6f..6e7bb79fa36 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/server_id_configuration/index.html.erb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/server_id_configuration/index.html.erb
@@ -8,7 +8,7 @@ <% if @server_id %>
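Review bot: In configure.html.erb, the added `portal.highlightWidget('<%= escape_javascript(params[:highlight]) -%>');` still copies an arbitrary request parameter into the inline script, and nothing visible in the hunk restricts it to a valid widget identifier. If `highlight` is always a numeric widget id (not shown here, so confirm against the controller and `Portal.highlightWidget`), coercing it on the server is a tighter fix than quoting: `portal.highlightWidget(<%= params[:highlight].to_i -%>);`. If it has to stay a string, keep the quotes and add an ERB comment such as `<%# escape_javascript is only safe inside the quoted literal; do not remove the quotes %>` so the quoting is not undone in a later edit. The argument also now reaches `highlightWidget` as a string where it used to be a bare expression, so any numeric comparison inside it should be rechecked; `init_dashboard` may begin outside the hunk.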


- <%= @server_id -%>
+ <%= h @server_id -%>
 <% if @bad_id %> <%= message('server_id_configuration.bad_key') -%> <% end %>
@@ -23,7 +23,7 @@

<%= message('server_id_configuration.organisation.title') -%>

- +

<%= message('server_id_configuration.organisation.desc') -%>

<%= message('server_id_configuration.organisation.pattern') -%>
@@ -34,7 +34,7 @@

<%= message('server_id_configuration.ip.title') -%>

- +

<%= message('server_id_configuration.ip.desc') -%>