This repository has been archived by the owner on Jan 7, 2018. It is now read-only.
app/assets/javascripts/admin/views/admin_groups/table_view.js: 16 changes (2 additions, 14 deletions)
app/assets/javascripts/admin/views/stats/logs_table_view.js: 22 changes (15 additions, 7 deletions)
app/assets/javascripts/admin/views/stats/users_table_view.js: 17 changes (5 additions, 12 deletions)
Fix XSS escaping issues in the admin data tables.
I mistakenly thought DataTables escaped things by default, but this is not the case. Escape all data tables fields now and add Capybara integration tests to ensure this is effective. Setting up the Capybara tests required a slight change in the analytics "Filter Logs" table, since the ajax request needs to be performed via POST instead of GET. I think this is due to the length of the URL involved in the query. This had worked in most browsers, but I'm guessing this was broken in IE anyway, so it's probably a good idea anyway.
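As an added illustration of the escaping the commit message describes (example code, not the project's own): a DataTables column `render` callback that HTML-escapes a cell only when it is rendered for display or filtering, leaving the raw value for sorting. The `escapeHtml` helper, `escapedColumns` and the sample row are constructed for this example; the `render(data, type, row)` signature is DataTables' documented one.

```javascript
// Minimal HTML escaper. DataTables writes cell data into the DOM as HTML,
// so any user-controlled field (request paths, user agents, group names)
// must be escaped before it reaches a cell. Helper constructed for this example.
function escapeHtml(value) {
  if (value === null || value === undefined) return "";
  return String(value)
    .replace(/&/g, "&amp;")   // must run first so later entities are not double-escaped
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Column render callback in DataTables' documented shape: render(data, type, row).
// `type` is "display" when the value is about to be written to the DOM,
// "filter" for the search index, and "sort"/"type" for ordering and type detection.
// Escape the first two; sorting still operates on the raw string.
function escapedColumnRender(data, type, row) {
  if (type === "display" || type === "filter") {
    return escapeHtml(data);
  }
  return data;
}

// Build a DataTables `columns` definition where every column uses the escaping
// renderer, so no field is left to the default raw-HTML insertion.
function escapedColumns(fieldNames) {
  return fieldNames.map(function (name) {
    return { data: name, render: escapedColumnRender };
  });
}

// Constructed sample row, shaped like a record an admin logs table might receive.
var sampleRow = {
  request_path: "/api/users?q=<script>alert(1)</script>",
  user_agent: 'Mozilla/5.0 "evil" & co'
};

var columns = escapedColumns(["request_path", "user_agent"]);

// Render each column for display, exactly as the table would before inserting it.
var rendered = columns.map(function (col) {
  return col.render(sampleRow[col.data], "display", sampleRow);
});
```

Current DataTables releases ship an equivalent built-in renderer, `$.fn.dataTable.render.text()`, which escapes for the display and filter types in the same way.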
Showing 13 changed files with 148 additions and 63 deletions.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
@@ -71,6 +71,7 @@ | |
| collection do | ||
| get "search" | ||
| get "logs" | ||
| post "logs" | ||
| get "users" | ||
| get "map" | ||
| end | ||
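Review bot: `get "logs"` is kept alongside the new `post "logs"`, so both verbs now route to the same collection action; if the "Filter Logs" table has moved to POST as the commit message says, consider dropping the GET route (or adding a comment on why it stays) so an untested entry point does not linger. Since the POST is issued via ajax, also confirm the request carries the Rails CSRF token (the `X-CSRF-Token` header or `authenticity_token` parameter), otherwise `protect_from_forgery` will reject it; a one-line comment here explaining that POST is needed because of URL length would help future readers.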