This is an automated email from the ASF dual-hosted git repository.

alexantonenko pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/branch-2.7 by this push:
     new 3233d00  AMBARI-25439. XSS vulnerability for repo check hint
     new 706128d  Merge pull request #3147 from hiveww/AMBARI-25439-branch-2.7
3233d00 is described below

commit 3233d009445d524b93255a6a35de186416fb0ba6
Author: Alex Antonenko <aantone...@hortonworks.com>
AuthorDate: Tue Dec 3 13:28:27 2019 +0200

    AMBARI-25439. XSS vulnerability for repo check hint
---
 ambari-web/app/controllers/installer.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ambari-web/app/controllers/installer.js 
b/ambari-web/app/controllers/installer.js
index fb47288..c3d7d3f 100644
--- a/ambari-web/app/controllers/installer.js
+++ b/ambari-web/app/controllers/installer.js
@@ -921,10 +921,12 @@ App.InstallerController = 
App.WizardController.extend(App.Persist, {
       var os = selectedStack.get('operatingSystems').findProperty('id', 
params.osId);
       var repo = os.get('repositories').findProperty('repoId', params.repoId);
       if (repo) {
+        var title = Ember.Handlebars.Utils.escapeExpression(request.status + 
":" + request.statusText);
+        var content =  
Ember.Handlebars.Utils.escapeExpression($.parseJSON(request.responseText) ? 
$.parseJSON(request.responseText).message : "");
         repo.setProperties({
           validation: 'INVALID',
-          errorTitle: request.status + ":" + request.statusText,
-          errorContent: $.parseJSON(request.responseText) ? 
$.parseJSON(request.responseText).message : ""
+          errorTitle: title,
+          errorContent: content
         });
       }
     }
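Review bot: `$.parseJSON(request.responseText)` is evaluated twice in the new `content` line and throws on a malformed body, so if the repo check fails with a non-JSON response (an assumption, since the response source is outside the hunk) the exception would skip `repo.setProperties` and the repo would never be marked `INVALID`. Parsing once inside a `try`/`catch` and falling back to an empty message keeps both the escaping and the error state intact. Separately, the escaping is applied where the values are stored rather than where they are rendered; the template is not visible here, so it is worth confirming that no other writer sets `errorTitle`/`errorContent` unescaped and that the sink does not escape a second time. The enclosing callback starts and ends outside the hunk.

```javascript
      if (repo) {
        var body = null;
        try {
          body = $.parseJSON(request.responseText);
        } catch (e) {
          // error body was not JSON; fall through with an empty message
        }
        var title = Ember.Handlebars.Utils.escapeExpression(request.status + ":" + request.statusText);
        var content = Ember.Handlebars.Utils.escapeExpression(body ? body.message : "");
        // … unchanged: repo.setProperties({ validation, errorTitle, errorContent }) …
```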
