Bug fix 3.7/escape jquery uploadfile plugin filestring and filelistst…
…ring (#13987)

* added escaping of the filename string when printing it in the web ui

* changelog

* Rebuild UI

Co-authored-by: Vadim <vadim@arangodb.com>
hkernbach and KVS85 committed Apr 16, 2021
1 parent 5463e35 commit 3e486b9
Showing 18 changed files with 62 additions and 59 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG
@@ -1,6 +1,9 @@
v3.7.11 (XXXX-XX-XX)
--------------------

* Web UI - Added missing HTML escaping inside the file upload plugin used in the
section of deploying a new Foxx application when uploading a zip file.

* Fix BTS-352: removed assertion for success of a RocksDB function and throw a
proper exception instead.

@@ -227,7 +227,7 @@
fileNameStr += " ("+getSizeStr(filesize)+")";


pd.filename.html(fileNameStr);
pd.filename.html(arangoHelper.escapeHtml(fileNameStr));
obj.fileCounter++;
obj.selectedFiles++;
if(s.showPreview)
@@ -409,7 +409,7 @@

ts.fileData = fd;
var pd = new createProgressDiv(obj, s);
pd.filename.html(fileListStr);
pd.filename.html(arangoHelper.escapeHtml(fileNameStr));
var form = $("<form style='display:block; position:absolute;left: 150px;' class='" + obj.formGroup + "' method='" + s.method + "' action='" + s.url + "' enctype='" + s.enctype + "'></form>");
form.appendTo('body');
ajaxFormSubmit(form, ts, pd, fileArray, obj);
@@ -463,7 +463,7 @@
if(s.showFileSize)
fileNameStr += " ("+getSizeStr(files[i].size)+")";

pd.filename.html(fileNameStr);
pd.filename.html(arangoHelper.escapeHtml(fileNameStr));
var form = $("<form style='display:block; position:absolute;left: 150px;' class='" + obj.formGroup + "' method='" + s.method + "' action='" +
s.url + "' enctype='" + s.enctype + "'></form>");
form.appendTo('body');
@@ -606,7 +606,7 @@
obj.selectedFiles += fileArray.length;

var pd = new createProgressDiv(obj, s);
pd.filename.html(fileList);
pd.filename.html(arangoHelper.escapeHtml(fileList));
ajaxFormSubmit(form, s, pd, fileArray, obj, null);
}

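Review bot: In the hunk at -409 the rewritten call passes a different variable than the one it replaces: the old line rendered `fileListStr`, while the new line renders `arangoHelper.escapeHtml(fileNameStr)`. Nothing in that hunk assigns `fileNameStr`, and the enclosing function starts outside it, so unless that name is defined there the progress row will show the wrong text or throw; the line should presumably read `pd.filename.html(arangoHelper.escapeHtml(fileListStr));`. Separately, if `fileListStr` and `fileList` (hunk at -606) are assembled with markup separators where they are built, escaping the finished string will print those separators literally. In that case it would be cleaner to escape each file name as it is appended and keep `.html()` for the assembled list; this needs confirming against the code outside these hunks.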
@@ -1,16 +1,16 @@
{
"main.css": "static/css/main.82aeebdd.chunk.css",
"main.js": "static/js/main.f761f5e5.chunk.js",
"main.js.map": "static/js/main.f761f5e5.chunk.js.map",
"main.js": "static/js/main.6c4bc28f.chunk.js",
"main.js.map": "static/js/main.6c4bc28f.chunk.js.map",
"runtime~main.js": "static/js/runtime~main.b7f3a89c.js",
"runtime~main.js.map": "static/js/runtime~main.b7f3a89c.js.map",
"static/css/2.b3a90c9b.chunk.css": "static/css/2.b3a90c9b.chunk.css",
"static/js/2.aae4c80f.chunk.js": "static/js/2.aae4c80f.chunk.js",
"static/js/2.aae4c80f.chunk.js.map": "static/js/2.aae4c80f.chunk.js.map",
"index.html": "index.html",
"index.html.gz": "index.html.gz",
"precache-manifest.6a6cf59d0e8f4babe46316c29c96f1c4.js": "precache-manifest.6a6cf59d0e8f4babe46316c29c96f1c4.js",
"precache-manifest.6a6cf59d0e8f4babe46316c29c96f1c4.js.gz": "precache-manifest.6a6cf59d0e8f4babe46316c29c96f1c4.js.gz",
"precache-manifest.f8fba6c99030fb8752864226ca8cb0bf.js": "precache-manifest.f8fba6c99030fb8752864226ca8cb0bf.js",
"precache-manifest.f8fba6c99030fb8752864226ca8cb0bf.js.gz": "precache-manifest.f8fba6c99030fb8752864226ca8cb0bf.js.gz",
"service-worker.js": "service-worker.js",
"service-worker.js.gz": "service-worker.js.gz",
"static/css/2.b3a90c9b.chunk.css.gz": "static/css/2.b3a90c9b.chunk.css.gz",
@@ -23,10 +23,10 @@
"static/js/2.aae4c80f.chunk.js.LICENSE.txt.gz": "static/js/2.aae4c80f.chunk.js.LICENSE.txt.gz",
"static/js/2.aae4c80f.chunk.js.gz": "static/js/2.aae4c80f.chunk.js.gz",
"static/js/2.aae4c80f.chunk.js.map.gz": "static/js/2.aae4c80f.chunk.js.map.gz",
"static/js/main.f761f5e5.chunk.js.LICENSE.txt": "static/js/main.f761f5e5.chunk.js.LICENSE.txt",
"static/js/main.f761f5e5.chunk.js.LICENSE.txt.gz": "static/js/main.f761f5e5.chunk.js.LICENSE.txt.gz",
"static/js/main.f761f5e5.chunk.js.gz": "static/js/main.f761f5e5.chunk.js.gz",
"static/js/main.f761f5e5.chunk.js.map.gz": "static/js/main.f761f5e5.chunk.js.map.gz",
"static/js/main.6c4bc28f.chunk.js.LICENSE.txt": "static/js/main.6c4bc28f.chunk.js.LICENSE.txt",
"static/js/main.6c4bc28f.chunk.js.LICENSE.txt.gz": "static/js/main.6c4bc28f.chunk.js.LICENSE.txt.gz",
"static/js/main.6c4bc28f.chunk.js.gz": "static/js/main.6c4bc28f.chunk.js.gz",
"static/js/main.6c4bc28f.chunk.js.map.gz": "static/js/main.6c4bc28f.chunk.js.map.gz",
"static/js/runtime~main.b7f3a89c.js.gz": "static/js/runtime~main.b7f3a89c.js.gz",
"static/js/runtime~main.b7f3a89c.js.map.gz": "static/js/runtime~main.b7f3a89c.js.map.gz",
"static/media/style.scss": "static/media/fontawesome-webfont.e6cf7c6e.woff2",
2 changes: 1 addition & 1 deletion js/apps/system/_admin/aardvark/APP/react/build/index.html

Large diffs are not rendered by default.

Binary file modified js/apps/system/_admin/aardvark/APP/react/build/index.html.gz
@@ -1,11 +1,11 @@
self.__precacheManifest = [
{
"revision": "f761f5e5af17e9fa7726",
"revision": "6c4bc28f8115b44395b2",
"url": "static/css/main.82aeebdd.chunk.css"
},
{
"revision": "f761f5e5af17e9fa7726",
"url": "static/js/main.f761f5e5.chunk.js"
"revision": "6c4bc28f8115b44395b2",
"url": "static/js/main.6c4bc28f.chunk.js"
},
{
"revision": "b7f3a89c186b069a4989",
@@ -39,74 +39,78 @@ self.__precacheManifest = [
"revision": "11bbcff6f99be028bf04e2e200299b31",
"url": "static/media/OpenSansLight.11bbcff6.woff"
},
{
"revision": "f71094988de2d6567eb9caba78f61041",
"url": "static/media/OpenSans.f7109498.woff"
},
{
"revision": "2af7a71056d6f2fe2cb2e35c358b59de",
"url": "static/media/OpenSansBold.2af7a710.woff"
},
{
"revision": "403dee4359ca42b1d096976fda3ef95c",
"url": "static/media/OpenSansItalic.403dee43.woff"
"revision": "f71094988de2d6567eb9caba78f61041",
"url": "static/media/OpenSans.f7109498.woff"
},
{
"revision": "05f81795ee61b18a60d5be1b40714e01",
"url": "static/media/OpenSansLightItalic.05f81795.woff"
},
{
"revision": "84b1d9bb65b585d4b4a72ee9cefb2ac2",
"url": "static/media/OpenSansBoldItalic.84b1d9bb.woff"
"revision": "403dee4359ca42b1d096976fda3ef95c",
"url": "static/media/OpenSansItalic.403dee43.woff"
},
{
"revision": "e6cf7c6ec7c2d6f670ae9d762604cb0b",
"url": "static/media/fontawesome-webfont.e6cf7c6e.woff2"
"revision": "84b1d9bb65b585d4b4a72ee9cefb2ac2",
"url": "static/media/OpenSansBoldItalic.84b1d9bb.woff"
},
{
"revision": "25a32416abee198dd821b0b17a198a8f",
"url": "static/media/fontawesome-webfont.25a32416.eot"
},
{
"revision": "c3547b2ec6f5eb324b44d8a0c6b2dd31",
"url": "static/media/Roboto-300.c3547b2e.eot"
},
{
"revision": "16a9467557c38b4e1b19e981bd17fe3f",
"url": "static/media/Roboto-300.16a94675.woff2"
"revision": "e6cf7c6ec7c2d6f670ae9d762604cb0b",
"url": "static/media/fontawesome-webfont.e6cf7c6e.woff2"
},
{
"revision": "c8ddf1e5e5bf3682bc7bebf30f394148",
"url": "static/media/fontawesome-webfont.c8ddf1e5.woff"
},
{
"revision": "1dc35d25e61d819a9c357074014867ab",
"url": "static/media/fontawesome-webfont.1dc35d25.ttf"
},
{
"revision": "d7c639084f684d66a1bc66855d193ed8",
"url": "static/media/fontawesome-webfont.d7c63908.svg"
},
{
"revision": "7e2d32e7141050d758a38b4ec96390c0",
"url": "static/media/Roboto-300.7e2d32e7.woff"
},
{
"revision": "1dc35d25e61d819a9c357074014867ab",
"url": "static/media/fontawesome-webfont.1dc35d25.ttf"
"revision": "c3547b2ec6f5eb324b44d8a0c6b2dd31",
"url": "static/media/Roboto-300.c3547b2e.eot"
},
{
"revision": "634f53eb79efa455a9e9d85d608b3447",
"url": "static/media/Roboto-300.634f53eb.ttf"
"revision": "16a9467557c38b4e1b19e981bd17fe3f",
"url": "static/media/Roboto-300.16a94675.woff2"
},
{
"revision": "1edaa6e50c2302bf0221d252e1caebb4",
"url": "static/media/Roboto-300.1edaa6e5.svg"
},
{
"revision": "9f916e330c478bbfa2a0dd6614042046",
"url": "static/media/Roboto-regular.9f916e33.eot"
"revision": "634f53eb79efa455a9e9d85d608b3447",
"url": "static/media/Roboto-300.634f53eb.ttf"
},
{
"revision": "f84cb1bf9be983133497000554605b4d",
"url": "static/media/Roboto-regular.f84cb1bf.woff2"
"revision": "9f916e330c478bbfa2a0dd6614042046",
"url": "static/media/Roboto-regular.9f916e33.eot"
},
{
"revision": "f94d5e5102359961c44a1da1b58d37c9",
"url": "static/media/Roboto-regular.f94d5e51.woff"
},
{
"revision": "f84cb1bf9be983133497000554605b4d",
"url": "static/media/Roboto-regular.f84cb1bf.woff2"
},
{
"revision": "38861cba61c66739c1452c3a71e39852",
"url": "static/media/Roboto-regular.38861cba.ttf"
@@ -115,10 +119,6 @@ self.__precacheManifest = [
"revision": "3d3a53586bd78d1069ae4b89a3b9aa98",
"url": "static/media/Roboto-regular.3d3a5358.svg"
},
{
"revision": "d7c639084f684d66a1bc66855d193ed8",
"url": "static/media/fontawesome-webfont.d7c63908.svg"
},
{
"revision": "2a52a20f9a56010ec5d985abe9bebcc9",
"url": "static/media/Roboto-500.2a52a20f.eot"
@@ -139,26 +139,26 @@ self.__precacheManifest = [
"revision": "f1d811cdfaea49c969500d4bbe52251b",
"url": "static/media/Roboto-500.f1d811cd.svg"
},
{
"revision": "128879da78c6c8eb4e2c07fa3732cea7",
"url": "static/media/Roboto-700.128879da.eot"
},
{
"revision": "3b38c16e4b39e5fd4017cd5055b0d505",
"url": "static/media/Roboto-700.3b38c16e.woff2"
},
{
"revision": "43183beef21370d8a4b0d64152287eba",
"url": "static/media/Roboto-700.43183bee.woff"
"revision": "128879da78c6c8eb4e2c07fa3732cea7",
"url": "static/media/Roboto-700.128879da.eot"
},
{
"revision": "7f57c4c0f3b44acbe338d7ff6d6ee5b1",
"url": "static/media/Roboto-700.7f57c4c0.svg"
"revision": "43183beef21370d8a4b0d64152287eba",
"url": "static/media/Roboto-700.43183bee.woff"
},
{
"revision": "ad97d029a11d8b39692037e753d23d1f",
"url": "static/media/Roboto-700.ad97d029.ttf"
},
{
"revision": "7f57c4c0f3b44acbe338d7ff6d6ee5b1",
"url": "static/media/Roboto-700.7f57c4c0.svg"
},
{
"revision": "be6a1f63d6f3220ece77a887f0046a26",
"url": "static/media/cpu.be6a1f63.svg"
@@ -181,14 +181,14 @@ self.__precacheManifest = [
},
{
"revision": "6f627a0f557156e94eefe1aa36b7648f",
"url": "static/js/main.f761f5e5.chunk.js.LICENSE.txt"
"url": "static/js/main.6c4bc28f.chunk.js.LICENSE.txt"
},
{
"revision": "667ec03b3680ee2082747e7bcec288fc",
"url": "static/js/2.aae4c80f.chunk.js.LICENSE.txt"
},
{
"revision": "bfb4027ab500d5f11656960a785b53fe",
"revision": "589403f14c9da07b4d69ab65060dd313",
"url": "index.html"
}
];
@@ -14,7 +14,7 @@
importScripts("https://storage.googleapis.com/workbox-cdn/releases/3.6.3/workbox-sw.js");

importScripts(
"precache-manifest.6a6cf59d0e8f4babe46316c29c96f1c4.js"
"precache-manifest.f8fba6c99030fb8752864226ca8cb0bf.js"
);

workbox.clientsClaim();
