networkmanager: Strict Content-Security-Policy #4021

Closed

2 participants
@stefwalter
Contributor

commented Mar 16, 2016

Remove all inline and unsafe styling and scripts from networkmanager component. That also means removing bootstrap-select

@stefwalter stefwalter force-pushed the stefwalter:networkmanager-csp branch from 78ee0b4 to 052928e Mar 16, 2016

$('#networking-interfaces tr[data-interface="' + shell.esc(id) + '"]').addClass('highlight');
$('#networking-interfaces tr')
.attr("data-interface", id)
.addClass('highlight');
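
Review bot: the two-argument `.attr("data-interface", id)` in the added lines is a setter, not a filter, so it overwrites `data-interface` on every `tr` under `#networking-interfaces` and the chained `.addClass('highlight')` then highlights all of them. To keep the selector static and still target one row, narrow the set first, for example with `.filter(function () { return $(this).attr("data-interface") === id; })`, and only then add the class.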

@mvollmer

mvollmer Mar 17, 2016

Member

The new code sets all data-interface attributes of all rows to id, no? I agree we should stop constructing a jQuery expression here. I think we need to explicitly loop like this:

// Highlight only the row whose data-interface already equals id
$('#networking-interfaces tr').each(function (i, tr) {
  if ($(tr).attr('data-interface') == id)
    $(tr).addClass('highlight');
});

@@ -1396,7 +1398,7 @@ PageNetworking.prototype = {
var samples = usage_samples[iface];
var rx = samples[0][0];
var tx = samples[1][0];
var row = $('#networking-interfaces tr[data-sample-id="' + shell.esc(iface) + '"]');
var row = $('#networking-interfaces tr').attr("data-sample-id", iface);
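
Review bot: the new `var row = ...` line assigns every `tr` in `#networking-interfaces` to `row` and rewrites each row's `data-sample-id` to the current `iface`, so anything done with `row` after reading `rx` and `tx` applies to all rows rather than the one for this interface. Select the row by comparing the attribute it already has, e.g. `.filter()` on `$(this).attr("data-sample-id") === iface`, and do not write the attribute here.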

@mvollmer

mvollmer Mar 17, 2016

Member

Same as above.

$('#network-interface-slaves tr[data-interface="' + shell.esc(id) + '"]').addClass('highlight');
$('#network-interface-slaves tr')
.attr("data-interface", id)
.addClass('highlight');
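
Review bot: in the `#network-interface-slaves` lines the lookup has become a write: `.attr("data-interface", id)` replaces each row's own `data-interface` value, which is the key the removed selector matched on, so the rows can no longer be told apart by that attribute afterwards. If the row is found by comparing `$(tr).attr('data-interface')` with `id` in a callback, `id` never enters a selector string and no replacement for `shell.esc` is needed at this call site.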

@@ -1717,7 +1721,8 @@ PageNetworkInterface.prototype = {
var samples = usage_samples[iface];
var rx = samples[0][0];
var tx = samples[1][0];
var row = $('#network-interface-slaves tr[data-sample-id="' + shell.esc(iface) + '"]');
var row = $('#network-interface-slaves tr')
.attr("data-sample-id", iface);
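
Review bot: this repeats the `data-sample-id` lookup from the `PageNetworking.prototype` hunk with the same defect, since `.attr("data-sample-id", iface)` sets the attribute on all rows of `#network-interface-slaves` and returns all of them as `row`. Because both prototypes need "the row whose attribute equals this value", consider one small helper that takes the table rows, the attribute name and the value, and use it in both places so the matching logic is fixed once.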


@mvollmer mvollmer added the needswork label Mar 17, 2016

@mvollmer mvollmer self-assigned this Mar 17, 2016

@stefwalter stefwalter force-pushed the stefwalter:networkmanager-csp branch from 052928e to 004912c Mar 17, 2016

@stefwalter

Contributor Author

commented Mar 17, 2016

Replaced shell.esc with encodeURIComponent(). Is that good enough?

@stefwalter stefwalter removed the needswork label Mar 17, 2016

stefwalter added some commits Mar 16, 2016

shell: Remove shell.esc from old cockpit-util.js
It's not necessary. The use in networkmanager was superfluous

networkmanager: Strict Content-Security-Policy
Remove all inline and unsafe styling and scripts from networkmanager
component. That also means removing bootstrap-select

networkmanager: Move shell.select_btn() into networkmanager
Remove it from host.js, it's not needed there. So it's only used
in networkmanager now.

@stefwalter stefwalter force-pushed the stefwalter:networkmanager-csp branch from 004912c to 653435f Mar 17, 2016

@stefwalter

Contributor Author

commented Mar 17, 2016

Added encodeURIComponent() when setting data- attributes as well.

@mvollmer

Member

commented Mar 17, 2016

> Replaced shell.esc with encodeURIComponent(). Is that good enough?

Should be enough.

@mvollmer mvollmer closed this in 0edaecf Mar 17, 2016

@stefwalter stefwalter deleted the stefwalter:networkmanager-csp branch Mar 21, 2016
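
The two approaches discussed in this thread (an `encodeURIComponent()`-encoded attribute selector, and the explicit loop that compares attribute values) side by side, as an added example that is not code from the pull request. Rows are modelled as plain objects so it runs in Node without jQuery; the function names and sample ids are constructed for illustration.

```javascript
// Added example. Rows are modelled as plain objects so this runs in Node
// without a DOM or jQuery; all names below are hypothetical, not Cockpit's.
// Characters that can close or escape a double-quoted CSS attribute value.
const UNSAFE_IN_QUOTES = /["\\\n\r\f]/;

// Value spliced in raw: the pattern the thread moves away from.
function rawSelector(table, attr, value) {
  return '#' + table + ' tr[' + attr + '="' + value + '"]';
}

// Value passed through encodeURIComponent(), as settled on in the thread.
function encodedSelector(table, attr, value) {
  return rawSelector(table, attr, encodeURIComponent(value));
}

// True when the text between the first =" and the last "] cannot end the quotes early.
function staysInsideQuotes(selector) {
  const value = selector.slice(selector.indexOf('="') + 2, selector.lastIndexOf('"]'));
  return !UNSAFE_IN_QUOTES.test(value);
}

// What the encoded selector can match: rows whose stored attribute equals the encoded value.
function matchEncoded(rows, attr, value) {
  const wanted = encodeURIComponent(value);
  return rows.filter(row => row.attrs[attr] === wanted);
}

// The loop suggested in review: compare attribute values directly, no selector string.
function matchByFilter(rows, attr, value) {
  return rows.filter(row => row.attrs[attr] === value);
}

// Constructed ids, three of them containing selector metacharacters.
const SAMPLE_IDS = ['eth0', 'br"0', 'a\\b', 'x"], tr[data-interface="y'];

function demo() {
  const attr = 'data-interface';
  const storedRaw = SAMPLE_IDS.map(id => ({ attrs: { [attr]: id } }));
  const storedEncoded = SAMPLE_IDS.map(id => ({ attrs: { [attr]: encodeURIComponent(id) } }));
  return SAMPLE_IDS.map(id => ({
    id,
    rawSafe: staysInsideQuotes(rawSelector('networking-interfaces', attr, id)),
    encodedSafe: staysInsideQuotes(encodedSelector('networking-interfaces', attr, id)),
    hitsStoredRaw: matchEncoded(storedRaw, attr, id).length,
    hitsStoredEncoded: matchEncoded(storedEncoded, attr, id).length,
    hitsByFilter: matchByFilter(storedRaw, attr, id).length,
  }));
}
console.table(demo());
```

The `hitsStoredRaw` column shows why the code that writes the `data-` attribute has to apply the same encoding as the lookup; the filter approach matches regardless of what the id contains.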
