Repository: incubator-ranger Updated Branches: refs/heads/master 3df7c45d7 -> abea4ca39
RANGER-284 : Escape HTML before displaying to prevent XSS Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/abea4ca3 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/abea4ca3 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/abea4ca3 Branch: refs/heads/master Commit: abea4ca39b52c4c5c8af2302f45011e8de828f51 Parents: 3df7c45 Author: Gautam Borad <[email protected]> Authored: Tue Mar 3 16:43:41 2015 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Tue Mar 3 14:57:37 2015 -0500 ---------------------------------------------------------------------- .../src/main/webapp/scripts/views/reports/AuditLayout.js | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/abea4ca3/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js ----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
index ac3ab7d..23dfdf7 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
@@ -1140,10 +1140,7 @@ define(function(require) {
 formatter: _.extend({}, Backgrid.CellFormatter.prototype, {
 fromRaw: function (rawValue,model) {
 return _.isUndefined(rawValue) ? '--':
- /*'<div data-id="'+model.id+'" data-container="body" data-toggle="popover" data-placement="right" data-content="'+rawValue+'" style="cursor:pointer;">\
- '+rawValue+'</div>';*/
- '<span title="'+rawValue
- +'" class="showMore">'+rawValue+'</span>';
+ '<span title="'+XAUtils.escapeHtmlChar(rawValue) +'" class="showMore">'+XAUtils.escapeHtmlChar(rawValue)+'</span>';
 }
 })
 },
@@ -1325,4 +1322,4 @@ define(function(require) {
 });
 return AuditLayout;
-});
\ No newline at end of file
+});
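Review bot: The `title="…"` attribute in the new `fromRaw` return is only safe if `XAUtils.escapeHtmlChar` also encodes `"` and `&`, and its definition is not part of this diff; an escaper that covers only `<` and `>` would protect the span's text but still let a double quote in the audit value end the attribute. Worth confirming against XAUtils, or using Underscore's `_.escape(rawValue)`, which encodes `&`, `<`, `>`, `"` and `'` and is already in scope here through `_`. The value could also be escaped once and reused for both positions, e.g. `var safe = XAUtils.escapeHtmlChar(rawValue);`, so the attribute and the text cannot drift apart in a later edit. The guard is `_.isUndefined`, so a `null` value still reaches the escaper, and whether it tolerates that is not visible here. The enclosing column definition starts and ends outside the hunk.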
