N°3835 - Make global pass on all inputs (objects, dashlets, ...) to ensure XSS and double encoding have been dealt with

This commit is contained in:
acognet
2021-10-04 13:52:36 +02:00
parent 94d99a4109
commit e38ca54691
2 changed files with 3 additions and 4 deletions


@@ -823,9 +823,9 @@ JS
$aJsonMap = array();
foreach ($aValues as $sKey => $aValue) {
$aElt = ['value' => $sKey, 'label' => $aValue['label'], 'obsolescence_flag' => $aValue['obsolescence_flag']];
$aElt = ['value' => $sKey, 'label' => utils::HtmlEntities($aValue['label']), 'obsolescence_flag' => $aValue['obsolescence_flag']];
if ($aValue['additional_field'] != '') {
$aElt['additional_field'] = $aValue['additional_field'];
$aElt['additional_field'] = utils::HtmlEntities($aValue['additional_field']);
}
if (array_key_exists('initials', $aValue)) {
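Review bot: Only `label` and `additional_field` are wrapped in `utils::HtmlEntities()`; `value` (`$sKey`) and `obsolescence_flag` still go into `$aElt` raw, and the `initials` branch that begins on the last line continues outside the hunk, so whatever it adds is not visible here. If any of those fields is concatenated into markup by the widget's JS, it needs the same treatment, since the client side no longer encodes on its own; if they are guaranteed integers or flags, a comment saying so would stop a future maintainer from "fixing" them. Because this hunk now makes the JSON the single encoding point, I would document that contract at the top of the loop: `// Values are HTML-encoded here; the JS widget inserts them as-is and must not encode again (double encoding).` The enclosing function starts before this hunk.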


@@ -265,8 +265,7 @@ function ExtKeyWidget(id, sTargetClass, sFilter, sTitle, bSelectMode, oWizHelper
if (item.obsolescence_flag == '1') {
val = val+' <span class="object-ref-icon text_decoration"><span class="fas fa-eye-slash object-obsolete fa-1x fa-fw"></span></span>';
}
let labelValue = $('<div>').text(item.label).html();
labelValue = labelValue.replace(new RegExp("(?![^&;]+;)(?!<[^<>]*)("+term+")(?![^<>]*>)(?![^&;]+;)", "gi"), "<strong>$1</strong>");
let labelValue = item.label.replace(new RegExp("(?![^&;]+;)(?!<[^<>]*)("+term+")(?![^<>]*>)(?![^&;]+;)", "gi"), "<strong>$1</strong>");
val = val+labelValue;
if (item.additional_field != undefined) {
val = val+'<br><i>'+item.additional_field+'</i>';
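Review bot: `term` is still interpolated into `new RegExp(...)` unescaped on the added line, so a search string containing `(`, `[` or a trailing `\` throws a SyntaxError in the callback, and nested quantifiers typed by the user are passed straight to the regex engine; the commit removes the client-side escaping of `label` but leaves this untouched. The highlighted text itself is safe because `$1` is a substring of the now server-encoded label, so the risk is a broken autocomplete rather than injection. Unless `term` is escaped earlier in `ExtKeyWidget` (which starts before the hunk), I would escape it first: `const sTermPattern = term.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');` and use `sTermPattern` in place of `term` in the `RegExp`. Since `labelValue` is no longer reassigned it can also be `const`, and the reliance on server-side encoding deserves a one-line comment: `// item.label and item.additional_field arrive HTML-encoded from the server; do not encode again.`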