
FMC-495 FMC susceptible to cross site scripting issues

1 parent 1548257 commit e280cb370323eeb759030919d5111ed809e8ded5 @gashcrumb gashcrumb committed Aug 20, 2013
@@ -129,7 +129,7 @@ define [
tagName: "option"
attr:
"value": model.id
- template: _.template("#{model.id}")
+ template: _.template("#{FON.escapeHtml(model.id)}")
on_render: =>
super
if @versions.get(@version.id)
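Review bot: On line 13 the id is escaped at CoffeeScript string-interpolation time and the already-escaped string is then handed to `_.template`, so any template delimiters that survive HTML escaping (the `{{ … }}` form the other hunks rely on is not altered by `escapeHtml`) inside `model.id` would still be compiled as template code rather than rendered as text. The same construction appears in the next hunk on line 22. Interpolating at render time instead, `template: _.template("{{FON.escapeHtml(id)}}")`, matches the other call sites in this commit and keeps the value out of the compile step; that assumes the template is rendered with the model's attributes as the other hunks appear to do. The enclosing definition starts outside the hunk.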
@@ -150,7 +150,7 @@ define [
FON.model_backed_template
model: model
tagName: "li"
- template: _.template("""<a href="#" class="delete"><img src="img/x-16.png"></a>#{model.id}""")
+ template: _.template("""<a href="#" class="delete"><img src="img/x-16.png"></a>#{FON.escapeHtml(model.id)}""")
elements:
".delete": "delete"
on_render: (controller) ->
@@ -111,7 +111,7 @@ define [
FON.model_backed_template
model: model
tagName: "li"
- template: _.template("""<a href="#" class="delete"><img src="img/x-16.png"></a><a href="#" class="view">{{id}}</a>""")
+ template: _.template("""<a href="#" class="delete"><img src="img/x-16.png"></a><a href="#" class="view">{{FON.escapeHtml(id)}}</a>""")
elements:
".delete": "delete"
".view": "view"
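Review bot: `{{FON.escapeHtml(id)}}` on line 31 executes inside the function that `_.template` compiles, which sees only the data object and globals, so it only works if `FON` is an actual global rather than solely the module binding injected by the surrounding `define`; if it is module-local, every render throws a ReferenceError and the view fails closed instead of escaping. The same applies to lines 40 and 46. If `FON` is not global, either pass the escaper in with the template data or use underscore's escape delimiter via `_.templateSettings.escape` so the template engine escapes without resolving a module name. The enclosing definition starts outside the hunk.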
@@ -166,7 +166,7 @@ define [
FON.model_backed_template
model: model
tagName: "li"
- template: _.template('<a href=#/containers/{{id}}>{{id}}</a>')
+ template: _.template('<a href=#/containers/{{id}}>{{FON.escapeHtml(id)}}</a>')
class ValueListEntry extends FON.TemplateController
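Review bot: Only the link text is escaped on line 40; the same id is still interpolated unescaped into the unquoted `href=#/containers/{{id}}`, so an id containing a space, a quote or `>` lands in attribute context and can close or extend the tag. Quoting the attribute and escaping both occurrences, `template: _.template('<a href="#/containers/{{FON.escapeHtml(id)}}">{{FON.escapeHtml(id)}}</a>')`, closes that gap. Whether HTML escaping is sufficient for the fragment part depends on which characters ids may contain; URL-encoding that segment may be needed as well. The enclosing definition starts outside the hunk, and line 41 already opens the next class.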
@@ -137,7 +137,7 @@ define [
class RoleEntry extends FON.ModelBackedTemplate
tagName:"li"
- template: _.template("""<a href="#" class="delete-role" title="Delete role"><img src="img/x-16.png"></a>{{id}}""")
+ template: _.template("""<a href="#" class="delete-role" title="Delete role"><img src="img/x-16.png"></a>{{FON.escapeHtml(id)}}""")
elements:
"a.delete-role": "delete"
