FMC-495 FMC susceptible to cross site scripting issues
gashcrumb committed Aug 20, 2013
1 parent 1548257 commit e280cb3
Showing 3 changed files with 5 additions and 5 deletions.
Expand Up @@ -129,7 +129,7 @@ define [
tagName: "option"
attr:
"value": model.id
template: _.template("#{model.id}")
template: _.template("#{FON.escapeHtml(model.id)}")
on_render: =>
super
if @versions.get(@version.id)
Expand All @@ -150,7 +150,7 @@ define [
FON.model_backed_template
model: model
tagName: "li"
template: _.template("""<a href="#" class="delete"><img src="img/x-16.png"></a>#{model.id}""")
template: _.template("""<a href="#" class="delete"><img src="img/x-16.png"></a>#{FON.escapeHtml(model.id)}""")
elements:
".delete": "delete"
on_render: (controller) ->
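Review bot: In both changed templates of this file (the `option` template and the `li` template) the escaped id is spliced into the template source by CoffeeScript `#{}` interpolation before `_.template` compiles it, so the id string is parsed as template text rather than supplied as data. HTML escaping neutralises `<` and `&` but not template delimiters; if `_.templateSettings` is configured for the `{{ }}` delimiters the other two files rely on, an id containing them would be handled by the template compiler instead of being rendered as text. Passing the model as template data and escaping at render time, as the other files do — `template: _.template("{{FON.escapeHtml(id)}}")` and `template: _.template("""<a href="#" class="delete"><img src="img/x-16.png"></a>{{FON.escapeHtml(id)}}""")` — keeps the id out of the template source entirely, assuming FON.model_backed_template renders with the model attributes as data (the `{{id}}` templates elsewhere in this commit suggest it does). The enclosing definitions of both hunks start before the hunk.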
Expand Up @@ -111,7 +111,7 @@ define [
FON.model_backed_template
model: model
tagName: "li"
template: _.template("""<a href="#" class="delete"><img src="img/x-16.png"></a><a href="#" class="view">{{id}}</a>""")
template: _.template("""<a href="#" class="delete"><img src="img/x-16.png"></a><a href="#" class="view">{{FON.escapeHtml(id)}}</a>""")
elements:
".delete": "delete"
".view": "view"
Expand Down Expand Up @@ -166,7 +166,7 @@ define [
FON.model_backed_template
model: model
tagName: "li"
template: _.template('<a href=#/containers/{{id}}>{{id}}</a>')
template: _.template('<a href=#/containers/{{id}}>{{FON.escapeHtml(id)}}</a>')


class ValueListEntry extends FON.TemplateController
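Review bot: In the second hunk of this file the `href=#/containers/{{id}}` attribute is still built from the raw id and the attribute value is unquoted, so the fix covers only the link text; a value containing a space, `>` or a quote ends the attribute early. Quote the attribute and escape there as well, e.g. `template: _.template('<a href="#/containers/{{FON.escapeHtml(id)}}">{{FON.escapeHtml(id)}}</a>')`, assuming FON.escapeHtml also escapes `"`; otherwise `encodeURIComponent(id)` is the more appropriate encoding for a fragment. Separately, `{{FON.escapeHtml(id)}}` is evaluated inside the function `_.template` compiles, which resolves names against the data object and globals rather than this AMD module's closure, so if `FON` is only a `define [` dependency and not a global the template would throw at render — worth confirming, and the same applies to the RoleEntry template in the third file. The enclosing definitions of both hunks start before the hunk.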
Expand Up @@ -137,7 +137,7 @@ define [
class RoleEntry extends FON.ModelBackedTemplate
tagName:"li"

template: _.template("""<a href="#" class="delete-role" title="Delete role"><img src="img/x-16.png"></a>{{id}}""")
template: _.template("""<a href="#" class="delete-role" title="Delete role"><img src="img/x-16.png"></a>{{FON.escapeHtml(id)}}""")
elements:
"a.delete-role": "delete"

