Properly escape text output for node details in html pages
gschueler committed Feb 18, 2011
1 parent 9f0a782 commit 2bfe496
Showing 5 changed files with 17 additions and 17 deletions.
8 changes: 4 additions & 4 deletions rundeckapp/grails-app/views/framework/_nodeDetailsSimple.gsp
@@ -7,12 +7,12 @@
<g:each in="${['hostname','osFamily','osArch','osVersion','osName','type','username']}" var="key">
<g:if test="${!exclude || !exclude.contains(key)}">
<tr><td class="key"><g:message code="${'node.metadata.'+key}"/></td>
<td class="value">${node[key]}</td></tr>
<td class="value">${node[key]?.encodeAsHTML()}</td></tr>
</g:if>
</g:each>
<g:if test="${!exclude || !exclude.contains('tags')}">
<tr><td class="key"><g:message code="node.metadata.tags"/></td>
<td class="value">${node['tags']?node['tags'].join(','):''}</td></tr>
<td class="value">${(node['tags']?node['tags'].join(','):'').encodeAsHTML()}</td></tr>
</g:if>
</table>

@@ -23,8 +23,8 @@
<tr><th colspan="2" style="font-size:9pt;">Settings</th></tr>
<g:each var="setting" in="${node.settings.keySet()}">
<tr>
<td class="key setting">${setting}:</td>
<td class="setting Value">${node.settings[setting]}</td>
<td class="key setting">${setting.encodeAsHTML()}:</td>
<td class="setting Value">${node.settings[setting]?.encodeAsHTML()}</td>
</tr>
</g:each>
</table>
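Review bot: Escaping in this template is still opt-in per expression, so any `${...}` that was missed in this pass or is added later renders node data raw. A default codec for the view, either `<%@ page defaultCodec="HTML" %>` at the top of the template or `grails.views.default.codec = "html"` in the application config (if the Grails version in use supports it), would make escaping the default. If that is adopted, the explicit `.encodeAsHTML()` calls added here would have to be removed in the same change to avoid double encoding. Both hunks start and end inside the surrounding table markup, so the rest of the template is not visible here.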
6 changes: 3 additions & 3 deletions rundeckapp/grails-app/views/framework/_nodeTooltipView.gsp
@@ -1,10 +1,10 @@
<div id="${key}_tooltip" style="display:none;" class="detailpopup nodedetail ${islocal?'server':''}" >
<div id="${key.encodeAsHTML()}_tooltip" style="display:none;" class="detailpopup nodedetail ${islocal?'server':''}" >
<span >
<img src="${resource(dir:'images',file:'icon-small-Node.png')}" alt="Node" width="16px" height="16px"/>
${node.nodename}
${node.nodename.encodeAsHTML()}
</span>
<span class="desc">
${node.description}
${node.description.encodeAsHTML()}
</span>

<g:render template="nodeDetailsSimple" bean="${node}" var="node"/>
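Review bot: `${node.description.encodeAsHTML()}` calls the codec without the safe-navigation operator, while the same field is written as `${node.description?.encodeAsHTML()}` in _nodesTableContent.gsp. The old `${node.description}` presumably rendered nothing for a node without a description; the new form would likely fail with a null-pointer error when the tooltip is rendered for such a node. Suggest `${node.description?.encodeAsHTML()}` here, and the same `?.` on `key` and `node.nodename` if either can be null.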
2 changes: 1 addition & 1 deletion rundeckapp/grails-app/views/framework/_nodesEmbed.gsp
@@ -13,7 +13,7 @@
<span class="${i%2==1?'alternateRow':''} node_entry ${nodedata.islocal?'server':''}" >
<span class="node_ident" id="${node.nodename}_key">
%{--<img src="${resource(dir:'images',file:'icon-small-Node.png')}" alt="Node" width="16px" height="16px"/>--}%
${node.nodename}
${node.nodename.encodeAsHTML()}
</span>
<g:render template="nodeTooltipView" model="[node:node,key:node.nodename+'_key',islocal:nodedata.islocal]"/>
</span>
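Review bot: The `id="${node.nodename}_key"` attribute on the `node_ident` span is left unescaped, although the same name is now encoded two lines below it; a node name containing a double quote still ends the attribute value early. Suggest `id="${node.nodename.encodeAsHTML()}_key"`. The same applies to both `id="${ukey}_${node.nodename}_key"` spans in _nodesTableContent.gsp. The browser decodes the entity-encoded attribute back to the raw name, so the element id that scripts look up does not change.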
16 changes: 8 additions & 8 deletions rundeckapp/grails-app/views/framework/_nodesTableContent.gsp
@@ -36,42 +36,42 @@
<g:expander key="${ukey+'node_detail_'+i}" imgfirst="true">
<span class="node_ident" id="${ukey}_${node.nodename}_key">
<img src="${resource(dir:'images',file:'icon-small-Node.png')}" alt="Node" width="16px" height="16px"/>
${resName}
${resName.encodeAsHTML()}
</span>
</g:expander>
</g:if>
<g:else>
<span class="node_ident" id="${ukey}_${node.nodename}_key">
<img src="${resource(dir:'images',file:'icon-small-Node.png')}" alt="Node" width="16px" height="16px"/>
${resName}
${resName.encodeAsHTML()}
</span>
</g:else>

<g:if test="${!session.project}">
<span class="project">
&bull; <span class="action textbtn" onclick="selectProject('${nodedata.project.name.encodeAsJavaScript()}');" title="Select this project">${nodedata.project.name}</span>
&bull; <span class="action textbtn" onclick="selectProject('${nodedata.project.name.encodeAsJavaScript()}');" title="Select this project">${nodedata.project.name.encodeAsHTML()}</span>
</span>
</g:if>
</td>
<td class="desc" title="Description">
<span class="desc">${node.description}</span>
<span class="desc">${node.description?.encodeAsHTML()}</span>
</td>
<td title="Tags">
<g:if test="${node.tags}">
<span class="nodetags">
<g:each var="tag" in="${node.tags}">
<g:link class="tag action" action="nodes" params="${[nodeIncludeTags:tag]}" title="Filter by tag: ${tag}">${tag}</g:link>
<g:link class="tag action" action="nodes" params="${[nodeIncludeTags:tag]}" title="Filter by tag: ${tag.encodeAsHTML()}">${tag.encodeAsHTML()}</g:link>
%{--<span class="action textbtn" onclick="setTagFilter('${tag.encodeAsJavaScript()}');" title="Add to existing filter">+</span>--}%
</g:each>
</span>
</g:if>
</td>

<td class="username" title="Username">
${node.username} <span class="atsign">@</span>
${node.username?.encodeAsHTML()} <span class="atsign">@</span>
</td>
<td class="hostname" title="Hostname">
${node.hostname}
${node.hostname.encodeAsHTML()}
</td>
<td>
<g:if test="${node.attributes?.remoteUrl}">
@@ -88,7 +88,7 @@
nodecontextdata.project=nodedata.project.name
%>
<g:set var="editUrl" value="${DataContextUtils.replaceDataReferences(node.attributes?.editUrl,[node:nodecontextdata])}" />
<a href="${editUrl}" target="_blank" title="Opens a link to edit this node at a remote site.">Edit</a>
<a href="${editUrl.encodeAsHTML()}" target="_blank" title="Opens a link to edit this node at a remote site.">Edit</a>
</g:elseif>

</td>
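Review bot: `href="${editUrl.encodeAsHTML()}"` keeps the value inside the attribute but does not restrict the URL scheme, and `editUrl` is expanded from `node.attributes?.editUrl`, i.e. from node data. HTML encoding leaves a non-http scheme such as `javascript:` intact, so the link target is still attacker-influenced if node definitions are not fully trusted. Suggest rendering the link only when the expanded URL starts with `http://` or `https://` (the `<g:elseif>` test that guards it is outside this hunk), and adding `rel="noopener noreferrer"` because the link opens with `target="_blank"`.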
2 changes: 1 addition & 1 deletion rundeckapp/grails-app/views/menu/_jobslist.gsp
@@ -44,7 +44,7 @@

<g:if test="${!session.project}">
<span class="project">
&bull; <span class="action textbtn" onclick="selectProject('${scheduledExecution.project.encodeAsJavaScript()}');" title="Select this project">${scheduledExecution.project}</span>
&bull; <span class="action textbtn" onclick="selectProject('${scheduledExecution.project.encodeAsJavaScript()}');" title="Select this project">${scheduledExecution.project.encodeAsHTML()}</span>
</span>
</g:if>
<span class="jobdesc" title="${scheduledExecution.description.encodeAsHTML()}">${scheduledExecution.description.encodeAsHTML()}</span>
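Review bot: The `onclick="selectProject('${scheduledExecution.project.encodeAsJavaScript()}');"` handler on the changed line places a JavaScript string inside an HTML attribute but applies only the JavaScript codec. The browser decodes HTML character references in the attribute before the script is parsed, so the value needs both layers of encoding. Unless the JavaScript codec in use is known to escape `&`, suggest `${scheduledExecution.project.encodeAsJavaScript().encodeAsHTML()}`. The same pattern appears in the `selectProject(...)` handler for `nodedata.project.name` in _nodesTableContent.gsp.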
