Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[ui] Also patch another jquery.notify plugin (#2006)
Fix bug using _this and not this.
Make sure we check the message post XSS and tags stripping.
  • Loading branch information
romainr committed Apr 15, 2021
1 parent 6945f58 commit 1095d02
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 2 deletions.
4 changes: 2 additions & 2 deletions desktop/core/src/desktop/js/jquery/plugins/jquery.notify.js
Expand Up @@ -53,8 +53,8 @@ Plugin.prototype.show = function () {
_this.options.message = _this.options.message.replace(/(<([^>]+)>)/gi, ''); // escape HTML messages
_this.options.message = hueUtils.deXSS(_this.options.message); // escape XSS messages

if (/^(504|upstream connect error)/.test(this.options.message)) {
console.warn(this.options.message);
if (/^(504|upstream connect error|Gateway Time-out)/.test(_this.options.message.trim())) {
console.warn(_this.options.message);
return;
}

Expand Down
5 changes: 5 additions & 0 deletions desktop/core/src/desktop/static/desktop/js/jquery.notify.js
Expand Up @@ -48,6 +48,11 @@
var _this = this;
var MARGIN = 4;

if (/^(504|upstream connect error|Gateway Time-out)/.test(_this.options.message.trim())) {
console.warn(_this.options.message);
return;
}

_this.options.message = _this.options.message.replace(/(<([^>]+)>)/ig, ''); // escape HTML messages
_this.options.message = hueUtils.deXSS(_this.options.message); // escape XSS messages

Expand Down

0 comments on commit 1095d02

Please sign in to comment.