

prevent xss on time range text fields
msaf1980 committed Oct 27, 2022
1 parent 9c62600 commit aaeeb73
Showing 1 changed file with 10 additions and 6 deletions.
16 changes: 10 additions & 6 deletions webapp/content/js/dashboard.js
Expand Up @@ -163,6 +163,10 @@ function htmlEncode(input) {
});
}

function htmlStriped(input) {
return htmlEncode(input).replace(/\s/g, '_')
}

function initDashboard () {

// Populate naming-scheme based datastructures
Expand Down Expand Up @@ -1229,7 +1233,7 @@ function selectRelativeTime() {
fieldLabel: 'Show the past',
width: 90,
allowBlank: false,
regex: /\d+/,
regex: /^\d+$/,
regexText: 'Please enter a number',
value: TimeRange.relativeStartQuantity
});
Expand All @@ -1251,7 +1255,7 @@ function selectRelativeTime() {
fieldLabel: 'Until',
width: 90,
allowBlank: true,
regex: /\d+/,
regex: /^\d+$/,
regexText: 'Please enter a number',
value: TimeRange.relativeUntilQuantity
});
Expand Down Expand Up @@ -1291,10 +1295,10 @@ function selectRelativeTime() {

function updateTimeRange() {
TimeRange.type = 'relative';
TimeRange.relativeStartQuantity = quantityField.getValue();
TimeRange.relativeStartUnits = unitField.getValue();
TimeRange.relativeUntilQuantity = untilQuantityField.getValue();
TimeRange.relativeUntilUnits = untilUnitField.getValue();
TimeRange.relativeStartQuantity = htmlStriped(quantityField.getValue());
TimeRange.relativeStartUnits = htmlStriped(unitField.getValue());
TimeRange.relativeUntilQuantity = htmlStriped(untilQuantityField.getValue());
TimeRange.relativeUntilUnits = htmlStriped(untilUnitField.getValue());
win.close();
timeRangeUpdated();
}
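Review bot: The new assignments in updateTimeRange (`TimeRange.relativeStartUnits = htmlStriped(unitField.getValue());` and the three sibling lines) HTML-encode the value at the point it is stored in the model rather than at the point it is rendered, so any consumer of TimeRange that builds a URL or request parameter from these fields will now receive entity-encoded text and underscores in place of whitespace, while a consumer that inserts them into markup still has to escape them at that sink; the consumers are not visible in this diff, so this is inferred from the field names. If the values are only ever interpolated into HTML it would be clearer to keep the raw value here and apply `htmlEncode` where the markup is produced, which also avoids double-encoding. The anchored `/^\d+$/` regexes only constrain the quantity fields client-side and only when validation runs before updateTimeRange, so the unit fields and the server-side handler should still treat these values as untrusted. Minor style: `return htmlEncode(input).replace(/\s/g, '_')` in htmlStriped lacks a terminating semicolon, and htmlEncode's body starts outside the hunk so the exact encoding it performs cannot be checked here.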
