fix some xss
mikeTWC1984 committed Mar 4, 2024
1 parent fc0945f commit 602e9a7
Showing 2 changed files with 23 additions and 12 deletions.
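--- a/htdocs/js/pages/Base.class.js
+++ b/htdocs/js/pages/Base.class.js
@@ -161,11 +161,9 @@ Class.subclass(Page, "Page.Base", {
 },
 
 getNiceArgument: function(arg, maxWidth) {
-let nice_arg = `${arg || ''}`
-if(nice_arg.length > maxWidth) {
-nice_arg = `<span title="${nice_arg}">${nice_arg.substring(0,maxWidth-3)}...</span>`
-}
-return nice_arg
+let nice_arg = encode_entities(`${arg || ''}`)
+if(nice_arg.length > maxWidth) nice_arg = nice_arg.substring(0,maxWidth-3) + "..."
+return `<a href="#History?sub=error_history&all=1&limit=50&arg=${encodeURIComponent(arg)}">${nice_arg}</a>`
 },
 
 setGroupVisible: function (group, visible) {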
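Review bot: In the new `getNiceArgument`, the value is entity-encoded before `substring(0,maxWidth-3)`, so the length test counts entity characters and the cut can land inside an entity such as `&amp;`, leaving a broken fragment in the link text. Truncating the raw string first and encoding last avoids that: `let raw = String(arg || ''); if (raw.length > maxWidth) raw = raw.substring(0, maxWidth-3) + "..."; let nice_arg = encode_entities(raw)`. The href passes `arg` itself to `encodeURIComponent`, so a missing argument links to `arg=undefined` while the label is empty; using the same `arg || ''` value for both keeps them consistent. The full untruncated value is no longer exposed as a tooltip after this change, which may be worth restoring with an attribute-safe encoding.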
27 changes: 20 additions & 7 deletions htdocs/js/pages/JobDetails.class.js
@@ -234,8 +234,12 @@ Class.subclass(Page.Base, "Page.JobDetails", {
else html += '(None)';
html += '</div>';

html += '<div class="info_label">EVENT TIMING</div>';
html += '<div class="info_value">' + (event.enabled ? summarize_event_timing(event.timing, event.timezone) : '(Disabled)') + '</div>';
// html += '<div class="info_label">EVENT TIMING</div>';
// html += '<div class="info_value">' + (event.enabled ? summarize_event_timing(event.timing, event.timezone) : '(Disabled)') + '</div>';
// html += '</div>';

html += '<div class="info_label">ARGUMENT</div>'; // hist
html += '<div class="info_value">' + encode_entities(job.arg || '(no argument)') + '</div>';
html += '</div>';

html += '<div style="float:left; width:25%;">';
@@ -263,7 +267,7 @@ Class.subclass(Page.Base, "Page.JobDetails", {

html += '<div style="float:left; width:25%;">';
html += '<div class="info_label">JOB SOURCE</div>';
html += '<div class="info_value"><div class="ellip" style="max-width:' + col_width + 'px;">' + (job.source || 'Scheduler') + '</div></div>';
html += `<div class="info_value"><div title="${summarize_event_timing(event.timing, event.timezone)}" class="ellip" style="max-width:' + col_width + 'px;">` + (job.source || 'Scheduler') + '</div></div>';

html += '<div class="info_label">SERVER HOSTNAME</div>';
html += '<div class="info_value">' + this.getNiceGroup(null, job.hostname, col_width) + '</div>';
@@ -560,7 +564,7 @@ Class.subclass(Page.Base, "Page.JobDetails", {
var legend_html = '';
legend_html += '<div class="pie-legend-container">';
for (var idx = 0, len = perf_keys.length; idx < len; idx++) {
legend_html += '<div class="pie-legend-item" style="background-color:' + p_colors[idx] + '">' + p_labels[idx] + '</div>';
legend_html += '<div class="pie-legend-item" style="background-color:' + p_colors[idx] + '">' + filterXSS(p_labels[idx]) + '</div>';
}
legend_html += '</div>';

@@ -868,10 +872,19 @@ Class.subclass(Page.Base, "Page.JobDetails", {
html += '<div class="info_label">EVENT NAME</div>';
html += '<div class="info_value"><a href="#Schedule?sub=edit_event&id=' + job.event + '">' + this.getNiceEvent(job.event_title, col_width) + '</a></div>';

html += '<div class="info_label">EVENT TIMING</div>';
html += '<div class="info_value">' + (event.enabled ? summarize_event_timing(event.timing, event.timezone) : '(Disabled)') + '</div>';
// html += '<div class="info_label">EVENT TIMING</div>';
// html += '<div class="info_value">' + (event.enabled ? summarize_event_timing(event.timing, event.timezone) : '(Disabled)') + '</div>';
// html += '</div>';

html += '<div class="info_label">ARGUMENT</div>'; // hist
html += '<div class="info_value">' + encode_entities(job.arg || '(no argument)') + '</div>';
html += '</div>';

// html += '<div class="info_label">ARGUMENT</div>';
// html += '<div class="info_value">' + encode_entities(job.arg || '') + '</div>';
// html += '</div>';


html += '<div style="float:left; width:25%;">';
html += '<div class="info_label">CATEGORY NAME</div>';
html += '<div class="info_value">' + this.getNiceCategory(cat, col_width) + '</div>';
@@ -885,7 +898,7 @@ Class.subclass(Page.Base, "Page.JobDetails", {

html += '<div style="float:left; width:25%;">';
html += '<div class="info_label">JOB SOURCE</div>';
html += '<div class="info_value"><div class="ellip" style="max-width:' + col_width + 'px;">' + (job.source || 'Scheduler') + '</div></div>';
html += `<div class="info_value"><div title="${summarize_event_timing(event.timing, event.timezone)}" class="ellip" style="max-width:` + col_width + 'px;">' + (job.source || 'Scheduler') + '</div></div>';

html += '<div class="info_label">SERVER HOSTNAME</div>';
html += '<div class="info_value">' + this.getNiceGroup(null, job.hostname, col_width) + '</div>';
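Review bot: The first JOB SOURCE line (hunk -263,7 +267,7) keeps `' + col_width + 'px;` inside the backtick literal, so the style attribute is rendered with that text verbatim and no width; the second copy (hunk -885,7 +898,7) closes the backtick before `+ col_width` and is correct. In both copies the result of `summarize_event_timing(...)` goes into a `title` attribute and `job.source` into the element body without encoding, which is worth closing in a commit aimed at XSS if either can carry user-supplied text. A plain-concatenation form fixes both: `'<div title="' + encode_entities(summarize_event_timing(event.timing, event.timezone)) + '" class="ellip" style="max-width:' + col_width + 'px;">' + encode_entities(job.source || 'Scheduler') + '</div>'`, after confirming that `encode_entities` also escapes double quotes for attribute use. The tooltip is also no longer gated on `event.enabled`, so a disabled event now shows its timing instead of `(Disabled)`. The enclosing render functions start and end outside these hunks.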
