good day!
I fixed a tiny error (missing HTML-escaping), but it has security effects.
see file
"0001-escape-label-of-node-of-tree-when-events-add-remove-.patch" [
https://github.com/postgres-impulsm/pgadmin4/commit/f993513d148fc6dd7e0196261f847e668d5e2c6c
]
--
Андрей Антонов,
инженер-программист Отдела информационных технологий и программирования,
компания «Импульс М»
From f993513d148fc6dd7e0196261f847e668d5e2c6c Mon Sep 17 00:00:00 2001
From: Andrei Antonov <polymor...@gmail.com>
Date: Tue, 9 May 2017 22:18:54 +0300
Subject: [PATCH] escape label of node of tree, when events: add\remove\unload
---
web/pgadmin/browser/templates/browser/js/node.js | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/web/pgadmin/browser/templates/browser/js/node.js b/web/pgadmin/browser/templates/browser/js/node.js
index e337fec0..ff8bc09f 100644
--- a/web/pgadmin/browser/templates/browser/js/node.js
+++ b/web/pgadmin/browser/templates/browser/js/node.js
@@ -743,7 +743,7 @@ function($, _, S, pgAdmin, Menu, Backbone, Alertify, pgBrowser, Backform) {
t.setLabel(
pItem, {
label: (
- pData._label + ' <span>(' + pData.collection_count + ')</span>'
+ _.escape(pData._label) + ' <span>(' + pData.collection_count + ')</span>'
)
}
);
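Review bot: In the label string passed to `t.setLabel` here, and in the identical hunk at -821, only `_label` is escaped; `pData.collection_count` is still concatenated into the markup as-is. The count is presumably a number maintained by the browser code, but if it can ever arrive as a string from a server response it reaches the same HTML sink, so escaping it as well is cheap: `_.escape(pData._label) + ' <span>(' + _.escape(pData.collection_count) + ')</span>'`. The enclosing function starts and ends outside the hunk, so where the count is assigned is not visible here.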
@@ -821,7 +821,7 @@ function($, _, S, pgAdmin, Menu, Backbone, Alertify, pgBrowser, Backform) {
t.setLabel(
pItem, {
label: (
- pData._label + ' <span>(' + pData.collection_count + ')</span>'
+ _.escape(pData._label) + ' <span>(' + pData.collection_count + ')</span>'
)
}
);
@@ -838,7 +838,7 @@ function($, _, S, pgAdmin, Menu, Backbone, Alertify, pgBrowser, Backform) {
if (self.is_collection && 'collection_count' in data)
{
delete data.collection_count;
- t.setLabel(item, {label: data._label});
+ t.setLabel(item, {label: _.escape(data._label)});
}
},
refresh: function(cmd, i) {
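Review bot: The escaping is now repeated by hand at three `setLabel` call sites with nothing recording why, so a later caller that passes a raw `_label` would quietly reintroduce the problem. A comment above this call such as `// setLabel() appears to render label as HTML (see the <span> count suffix); escape object names before passing them` would document the contract, and a small shared helper that applies `_.escape` for all three calls would be sturdier than per-site fixes. It is also worth confirming that `_label` is never already escaped upstream, otherwise names containing `&` or `<` would display double-encoded. The enclosing handler begins outside the hunk.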
--
2.12.2