Tomas Jelinek has posted comments on this change.
Change subject: webadmin: fix layout of multiple lines conf msgs
......................................................................
Patch Set 2: (1 inline comment)
I suspect that this patch brings an XSS vulnerability (please see the comment).
The problem is that the RemoveConfirmationPopupView is already vulnerable to
XSS because it also trusts the message. If you fix it, could you please
also fix the RemoveConfirmationPopupView?
Thank you.
....................................................
File
frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/view/popup/AbstractConfirmationPopupView.java
Line 18: }
Line 19:
Line 20: @Override
Line 21: public void setMessage(String message) {
Line 22: messageLabel.getElement().setInnerHTML(message != null ? message.replace("\n", "<br/>") : "");//$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
I suspect that this brings in an XSS vulnerability. If, for example, the VM name
you are about to delete contains some HTML (or JS), and you try to e.g. delete
it, this dialog would interpret this HTML (JS). Please use something like
SafeHtmlUtils.fromString(message).asString().replace("\n", "<br/>") or
something like this.
Line 23: }
Line 24:
--
To view, visit http://gerrit.ovirt.org/9989
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I1576b7576cf93ba9e525f20261d423fd4c0721b0
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Arik Hadas <[email protected]>
Gerrit-Reviewer: Arik Hadas <[email protected]>
Gerrit-Reviewer: Daniel Erez <[email protected]>
Gerrit-Reviewer: Tomas Jelinek <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
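The inline comment above describes the defect and the fix in one line: the
message passed to setInnerHTML() must be HTML-escaped before the newline to
<br/> substitution, not after. The following is an added example written for
this review, not ovirt-engine or GWT code, in plain JavaScript so it runs
without a browser or the GWT toolkit. It mirrors the setMessage() under
review as renderMessageUnsafe(), the suggested SafeHtmlUtils.fromString(...)
.asString().replace(...) form as renderMessageSafe(), and also shows why the
order matters: escaping after inserting <br/> would escape the <br/> itself
and lose the line breaks. The VM name and confirmation text are constructed
sample input; htmlEscape() stands in for SafeHtmlUtils.htmlEscape() and is
not the GWT implementation.

```javascript
// Added example, not ovirt-engine code. Demonstrates the escape-then-<br/>
// ordering recommended in the review, without GWT or a DOM.

// Stand-in for GWT's SafeHtmlUtils.htmlEscape(): escapes & < > " '
// (assumed equivalent for this demonstration; not the GWT source).
function htmlEscape(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable form: mirrors the setMessage() under review, which hands the
// raw message to setInnerHTML() after only replacing newlines.
function renderMessageUnsafe(message) {
  return message != null ? message.replace(/\n/g, "<br/>") : "";
}

// Hardened form: escape first, then turn newlines into <br/>. This is the
// SafeHtmlUtils.fromString(message).asString().replace("\n", "<br/>") idea.
function renderMessageSafe(message) {
  return message != null ? htmlEscape(message).replace(/\n/g, "<br/>") : "";
}

// Wrong order: inserting <br/> before escaping escapes the <br/> too, so the
// output is safe but every line break is lost. Included to show why the
// replace() must come after the escape.
function renderMessageWrongOrder(message) {
  return message != null ? htmlEscape(message.replace(/\n/g, "<br/>")) : "";
}

// Crude check standing in for what the browser's HTML parser would do:
// is there any '<' left that is not our own <br/>?
function containsRawTag(html) {
  return /<(?!br\/>)/.test(html);
}

// Constructed sample: a VM name carrying an injected <img> with an onerror
// handler, the kind of attacker-controlled value the review warns about.
const vmName = 'vm1<img src=x onerror="alert(1)">';
const confirmation =
  "Are you sure you want to remove the following VM?\n" + vmName;

console.log("unsafe:      " + renderMessageUnsafe(confirmation));
console.log("safe:        " + renderMessageSafe(confirmation));
console.log("wrong order: " + renderMessageWrongOrder(confirmation));
```

Running it shows the unsafe variant emitting the <img ...> tag verbatim
(which a browser would execute), the safe variant emitting
`vm1&lt;img src=x onerror=&quot;alert(1)&quot;&gt;` after a real <br/>, and
the wrong-order variant emitting `&lt;br/&gt;` in place of the line break.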