[syncope] branch 2_1_X updated: [SYNCOPE-1549] whitelisted javascript in href attributes

Mon, 24 Aug 2020 06:05:44 -0700 

This is an automated email from the ASF dual-hosted git repository.

andreapatricelli pushed a commit to branch 2_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/2_1_X by this push:
     new feacc1a  [SYNCOPE-1549] whitelisted javascript in href attributes
feacc1a is described below

commit feacc1a2b3e31b13bf53be0d6886a36cd6e762bd
Author: Andrea Patricelli <andreapatrice...@apache.org>
AuthorDate: Mon Aug 24 15:03:18 2020 +0200

    [SYNCOPE-1549] whitelisted javascript in href attributes
---
 .../enduser/src/main/resources/META-INF/resources/app/js/app.js   | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/app.js 
b/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
index c2f9d9f..3bb3c88 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
+++ b/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
@@ -46,8 +46,10 @@ var app = angular.module('SyncopeEnduserApp', [
   'ngAria'
 ]);
 
-app.config(['$stateProvider', '$urlRouterProvider', '$httpProvider', 
'$translateProvider', '$translatePartialLoaderProvider',
-  function ($stateProvider, $urlRouterProvider, $httpProvider, 
$translateProvider, $translatePartialLoaderProvider) {
+app.config(['$stateProvider', '$urlRouterProvider', '$httpProvider', 
'$translateProvider',
+  '$translatePartialLoaderProvider', '$compileProvider',
+  function ($stateProvider, $urlRouterProvider, $httpProvider, 
$translateProvider,
+          $translatePartialLoaderProvider, $compileProvider) {
     /*
      
|--------------------------------------------------------------------------
      | Syncope Enduser AngularJS providers configuration
@@ -315,6 +317,8 @@ app.config(['$stateProvider', '$urlRouterProvider', 
'$httpProvider', '$translate
         }
       };
     });
+    // SYNCOPE-1549
+    $compileProvider.aHrefSanitizationWhitelist(/^\s*(javascript):/);
   }]);
 app.run(['$rootScope', '$state', 'AuthService', '$transitions',
   function ($rootScope, $state, AuthService, $transitions) {

Reply via email to