Repository: ranger Updated Branches: refs/heads/ranger-1.2 27f001736 -> 50508e81d
RANGER-2269 : Implement best coding practices for validating user input Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/50508e81 Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/50508e81 Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/50508e81 Branch: refs/heads/ranger-1.2 Commit: 50508e81d15627bdf09f762b6059afc84e9ae85f Parents: 27f0017 Author: Nikhil P <npur...@hortonworks.com> Authored: Fri Oct 26 18:08:34 2018 +0530 Committer: Pradeep <prad...@apache.org> Committed: Fri Oct 26 19:35:00 2018 +0530 ---------------------------------------------------------------------- .../src/main/webapp/scripts/views/users/UserTableLayout.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/50508e81/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js ----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
old mode 100644
new mode 100755
index 60c25fa..94afd75
--- a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
@@ -510,9 +510,9 @@ define(function(require){
 }).then(function(){
 XAUtil.blockUI('unblock');
 totalRecords = this.state.totalRecords;
- var title = "<h4>User's List: " + name + "</h4>";
+ var title = "<h4>User's List: " + _.escape(name) + "</h4>";
 _.each(that.grpUserList.models , function(model){
- msg +='<span class="link-tag userLists span-margin setEllipsis" title="'+ model.get('name') +'"><a href="#!/user/'+ model.id+'">'+ model.get('name') + '</a></span>';
+ msg +='<span class="link-tag userLists span-margin setEllipsis" title="'+ _.escape(model.get('name')) +'"><a href="#!/user/'+ model.id+'">'+ _.escape(model.get('name')) + '</a></span>';
 that.copyUserLists.push(model.get('name'));
 });
 var html = '<div class="row-fluid">\
@@ -568,7 +568,7 @@ define(function(require){
 modal.$el.find('.modal-body').removeClass('pointer-event');
 modal.$el.find('.loaderForModal').remove();
 _.each(this.models, function(m){
- tag +='<span class="link-tag userLists span-margin setEllipsis" title="'+ m.get('name') +'" ><a href="#!/user/'+ m.get('id')+'" >'+ m.get('name') + '</a></span>';
+ tag +='<span class="link-tag userLists span-margin setEllipsis" title="'+ _.escape(m.get('name')) +'" ><a href="#!/user/'+ m.get('id')+'" >'+ _.escape(m.get('name')) + '</a></span>';
 that.copyUserLists.push(m.get('name'));
 });
 modal.$el.find(".usernames").empty();
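Review bot: The `href` in both rewritten lines still concatenates the id unescaped (`model.id` in the `msg +=` line of the first hunk, `m.get('id')` in the `tag +=` line of the second), so the markup is only as safe as the assumption that ids are always server-assigned numbers, which these hunks do not show. Wrapping it the same way as the name, e.g. `'<a href="#!/user/' + _.escape(model.id) + '">'`, keeps every interpolated value in the string encoded. `that.copyUserLists.push(...)` still stores the raw name in both hunks, so whatever renders `copyUserLists` later needs its own escaping; that code is outside the hunks, as are the start and end of the enclosing callbacks. The file header also flips the mode from 100644 to 100755, which looks unintentional for a script served as a static asset.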