This is an automated email from the ASF dual-hosted git repository. wuzhiguo pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push: new 200d78bd2c AMBARI-25283: Ambari UI evaluates Javascript embedded in user input w… (#3466) 200d78bd2c is described below commit 200d78bd2cbb87956e427aa9e6927c4f7560f1ad Author: Zhiguo Wu <wuzhi...@apache.org> AuthorDate: Wed Nov 9 16:45:06 2022 +0800 AMBARI-25283: Ambari UI evaluates Javascript embedded in user input w… (#3466) --- .../app/scripts/controllers/clusters/ClusterInformationCtrl.js | 1 + .../app/scripts/controllers/remoteClusters/RemoteClustersCreateCtrl.js | 1 + .../app/scripts/controllers/remoteClusters/RemoteClustersEditCtrl.js | 1 + .../src/main/resources/ui/admin-web/app/scripts/i18n.config.js | 1 + .../resources/ui/admin-web/app/views/clusters/clusterInformation.html | 1 + .../ui/admin-web/app/views/remoteClusters/editRemoteClusterPage.html | 3 ++- .../ui/admin-web/app/views/remoteClusters/remoteClusterPage.html | 3 ++- ambari-web/app/controllers/wizard/step2_controller.js | 2 +- 8 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/ClusterInformationCtrl.js b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/ClusterInformationCtrl.js index 0ce634ea9c..4d9ba37d85 100644 --- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/ClusterInformationCtrl.js +++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/ClusterInformationCtrl.js @@ -27,6 +27,7 @@ function($scope, $http, $location, Cluster, $routeParams, $translate, $rootScope clusterName: null }; $scope.isClusterNameEdited = false; + $scope.nameValidationPattern = /^\s*\w*\s*$/; $scope.$watch(function() { return $rootScope.cluster; 
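Review bot: The added `$scope.nameValidationPattern = /^\s*\w*\s*$/;` is a form-side check only, so a cluster name written through the REST API, or one already stored, would still reach whichever view evaluated it; the place where the name is rendered is not part of this diff. The server should enforce the same rule, and the view should bind the name as text rather than markup. The same literal already appears as a context line in RemoteClustersCreateCtrl.js and RemoteClustersEditCtrl.js, so it would be better defined once and shared, with a comment such as `// UI-side check only: the server must reject the same input` above it. The controller function starts and ends outside the hunk.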
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersCreateCtrl.js b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersCreateCtrl.js index 0977d09fd2..7e8605de3f 100644 --- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersCreateCtrl.js +++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersCreateCtrl.js @@ -24,6 +24,7 @@ angular.module('ambariAdminConsole') $scope.cluster = {}; $scope.nameValidationPattern = /^\s*\w*\s*$/; + $scope.urlValidationPattern = /^(https?|ftp):\/\/(((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:)*@)?(((\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0 [...] $scope.registerRemoteCluster = function () { $scope.form.submitted = true; diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersEditCtrl.js b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersEditCtrl.js index 74cb0f9cd1..08cd170536 100644 --- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersEditCtrl.js +++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/remoteClusters/RemoteClustersEditCtrl.js 
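Review bot: The added `urlValidationPattern` accepts more than a remote Ambari endpoint needs: the visible part allows the `ftp` scheme and a `user:password@` userinfo section, and its nested alternations under `*` are a shape that can backtrack heavily on long non-matching input. The literal is truncated on this page, so its tail and flags cannot be checked. Consider restricting the scheme group to `https?`, dropping the userinfo group unless credentials in the URL are intended, and defining the pattern once, since the identical literal is added again in RemoteClustersEditCtrl.js. Like the name pattern, this is a browser-side check, and the server still has to validate the URL it stores and later connects to.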
@@ -25,6 +25,7 @@ angular.module('ambariAdminConsole') $scope.instancesAffected = []; $scope.nameValidationPattern = /^\s*\w*\s*$/; + $scope.urlValidationPattern = /^(https?|ftp):\/\/(((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:)*@)?(((\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0 [...] $scope.openChangePwdDialog = function() { var modalInstance = $modal.open({ diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js index a81189a5a2..49aae8670d 100644 --- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js +++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js @@ -226,6 +226,7 @@ angular.module('ambariAdminConsole') 'views.alerts.noSpecialChars': 'Must not contain any special characters.', 'views.alerts.noSpecialCharsOrSpaces': 'Must not contain any special characters or spaces.', + 'views.alerts.invalidUrl': 'Must be a valid URL.', 'views.alerts.instanceExists': 'Instance with this name already exists.', 'views.alerts.notDefined': 'There are no {{term}} defined for this view.', 'views.alerts.cannotEditInstance': 'Cannot Edit Static Instances', diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/views/clusters/clusterInformation.html b/ambari-admin/src/main/resources/ui/admin-web/app/views/clusters/clusterInformation.html index 486659b37a..18de5a5128 100644 --- a/ambari-admin/src/main/resources/ui/admin-web/app/views/clusters/clusterInformation.html +++ b/ambari-admin/src/main/resources/ui/admin-web/app/views/clusters/clusterInformation.html 
@@ -50,6 +50,7 @@ name="clusterName" ng-change="toggleSaveButton()" ng-model="edit.clusterName" + ng-pattern="nameValidationPattern" required autofocus ng-maxlength="100" diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/editRemoteClusterPage.html b/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/editRemoteClusterPage.html index 846cbcbffc..abc8e992f3 100644 --- a/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/editRemoteClusterPage.html +++ b/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/editRemoteClusterPage.html @@ -42,8 +42,9 @@ <div class="form-group" ng-class="{'has-error' : form.user_name.$error.required && form.submitted}"> <label for="clusterurl" class="col-sm-2 control-label">{{'users.ambariClusterURL' | translate}}*</label> <div class="col-sm-10"> - <input type="text" id="clusterurl" class="form-control" name="cluster_url" placeholder="{{'users.ambariClusterURL' | translate}}" ng-model="cluster.cluster_url" required autocomplete="off"> + <input type="text" id="clusterurl" class="form-control" ng-pattern="urlValidationPattern" name="cluster_url" placeholder="{{'users.ambariClusterURL' | translate}}" ng-model="cluster.cluster_url" required autocomplete="off"> <div class="alert alert-danger top-margin" ng-show="form.cluster_url.$error.required && form.submitted"> {{'common.alerts.fieldIsRequired' | translate}}</div> + <div class="alert alert-danger top-margin" ng-show="form.cluster_url.$error.pattern && form.submitted"> {{'views.alerts.invalidUrl' | translate}}</div> </div> </div> diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/remoteClusterPage.html b/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/remoteClusterPage.html index a780b8ff6e..621af0c540 100644 --- a/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/remoteClusterPage.html 
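Review bot: The added `ng-pattern="nameValidationPattern"` on the cluster-name input has no matching message in this hunk, unlike the remote-cluster templates in this commit, which add an alert for `$error.pattern`. Unless the template already shows one outside the hunk, a rejected name leaves the user with no explanation of why saving is refused. An alert bound to the field's `$error.pattern` with the existing `'views.alerts.noSpecialChars'` text would cover it, for example `<div class="alert alert-danger" ng-show="FORM_NAME.clusterName.$error.pattern">{{'views.alerts.noSpecialChars' | translate}}</div>`, where FORM_NAME is a placeholder for the form's name, which is not visible here.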
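Review bot: The form-group around the cluster URL input still keys `has-error` on `form.user_name.$error.required`, so neither a missing nor a malformed URL highlights this field, and the new `$error.pattern` alert appears without the error styling. Changing the condition to `ng-class="{'has-error' : (form.cluster_url.$error.required || form.cluster_url.$error.pattern) && form.submitted}"` fixes both. The same applies to the matching hunk in remoteClusterPage.html. Whether submission is actually blocked on a pattern failure depends on the controller's submit handler checking form validity, which is outside this diff.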
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/views/remoteClusters/remoteClusterPage.html @@ -34,8 +34,9 @@ <div class="form-group" ng-class="{'has-error' : form.user_name.$error.required && form.submitted}"> <label for="clusterurl" class="col-sm-2 control-label">{{'users.ambariClusterURL' | translate}}*</label> <div class="col-sm-10"> - <input type="text" id="clusterurl" class="form-control" name="cluster_url" placeholder="{{'remoteClusters.clusterURLPlaceholder' | translate}}" ng-model="cluster.cluster_url" required autocomplete="off"> + <input type="text" id="clusterurl" class="form-control" ng-pattern="urlValidationPattern" name="cluster_url" placeholder="{{'remoteClusters.clusterURLPlaceholder' | translate}}" ng-model="cluster.cluster_url" required autocomplete="off"> <div class="alert alert-danger top-margin" ng-show="form.cluster_url.$error.required && form.submitted"> {{'common.alerts.fieldIsRequired' | translate}}</div> + <div class="alert alert-danger top-margin" ng-show="form.cluster_url.$error.pattern && form.submitted"> {{'views.alerts.invalidUrl' | translate}}</div> </div> </div> diff --git a/ambari-web/app/controllers/wizard/step2_controller.js b/ambari-web/app/controllers/wizard/step2_controller.js index 832e49ff58..87d52d8101 100644 --- a/ambari-web/app/controllers/wizard/step2_controller.js +++ b/ambari-web/app/controllers/wizard/step2_controller.js @@ -213,7 +213,7 @@ App.WizardStep2Controller = Em.Controller.extend({ this.get('invalidHostNames').clear(); this.get('hostNameArr').forEach(function (hostName) { if (!validator.isHostname(hostName)) { - this.get('invalidHostNames').push(hostName); + this.get('invalidHostNames').push(encodeURIComponent(hostName)); result = false; } }, this); --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@ambari.apache.org For additional commands, e-mail: commits-h...@ambari.apache.org
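Review bot: `encodeURIComponent(hostName)` in the changed `push` line is URL encoding used where HTML output escaping is needed. It does percent-encode `<`, `>`, `"` and `&`, but it leaves `'`, `(`, `)`, `!`, `*` and `~` untouched, and it turns spaces and non-ASCII characters into `%XX` sequences, so the list of invalid host names shown to the user no longer matches what they typed. It would be more robust to keep the raw value in `invalidHostNames` and escape where the list is inserted into markup (for instance with `Handlebars.Utils.escapeExpression`, if Handlebars is reachable there), or to render it through a text binding. The enclosing function starts and ends outside the hunk, and the rendering site is not part of this diff.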