[syncope] branch 2_0_X updated: [SYNCOPE-1549] whitelisted javascript in href attributes

[andreapatricelli]

This is an automated email from the ASF dual-hosted git repository.

andreapatricelli pushed a commit to branch 2_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/2_0_X by this push:
     new 713ae29  [SYNCOPE-1549] whitelisted javascript in href attributes
713ae29 is described below

commit 713ae29ab80da5fed27f66cfaed3b5526edd155b
Author: Andrea Patricelli <andreapatrice...@apache.org>
AuthorDate: Mon Aug 24 15:03:18 2020 +0200

    [SYNCOPE-1549] whitelisted javascript in href attributes
---
 .../enduser/src/main/resources/META-INF/resources/app/js/app.js   | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/app.js 
b/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
index 1553a55..53e3008 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
+++ b/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
@@ -46,8 +46,10 @@ var app = angular.module('SyncopeEnduserApp', [
   'ngAria'
 ]);
 
-app.config(['$stateProvider', '$urlRouterProvider', '$httpProvider', 
'$translateProvider', '$translatePartialLoaderProvider',
-  function ($stateProvider, $urlRouterProvider, $httpProvider, 
$translateProvider, $translatePartialLoaderProvider) {
+app.config(['$stateProvider', '$urlRouterProvider', '$httpProvider', 
'$translateProvider',
+  '$translatePartialLoaderProvider', '$compileProvider',
+  function ($stateProvider, $urlRouterProvider, $httpProvider, 
$translateProvider,
+          $translatePartialLoaderProvider, $compileProvider) {
     /*
      
|--------------------------------------------------------------------------
      | Syncope Enduser AngularJS providers configuration
@@ -304,6 +306,8 @@ app.config(['$stateProvider', '$urlRouterProvider', 
'$httpProvider', '$translate
         }
       };
     });
+    // SYNCOPE-1549
+    $compileProvider.aHrefSanitizationWhitelist(/^\s*(javascript):/);
   }]);
 app.run(['$rootScope', '$state', 'AuthService', '$transitions',
   function ($rootScope, $state, AuthService, $transitions) {