add htmlEncode as a renderer to fields which let you input arbitrary strings, to prevent HTML tags from being rendered
Signed-off-by: Dominik Csapak <d.csa...@proxmox.com>
---
 www/manager/dc/AuthView.js | 1 +
 www/manager/dc/GroupView.js | 1 +
 www/manager/dc/PoolView.js | 1 +
 www/manager/dc/SecurityGroups.js | 2 +-
 www/manager/dc/UserView.js | 1 +
 www/manager/grid/FirewallAliases.js | 2 +-
 www/manager/ha/Groups.js | 3 ++-
 www/manager/ha/Resources.js | 3 ++-
 www/manager/lxc/SnapshotTree.js | 2 +-
 www/manager/panel/IPSet.js | 2 +-
 www/manager/pool/StatusView.js | 1 +
 www/manager/qemu/Options.js | 1 +
 www/manager/qemu/SnapshotTree.js | 2 +-
 13 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/www/manager/dc/AuthView.js b/www/manager/dc/AuthView.js
index 83e79c6..2a2961c 100644
--- a/www/manager/dc/AuthView.js
+++ b/www/manager/dc/AuthView.js
@@ -132,6 +132,7 @@ Ext.define('PVE.dc.AuthView', {
 header: gettext('Comment'),
 sortable: false,
 dataIndex: 'comment',
+ renderer: Ext.String.htmlEncode,
 flex: 1
 }
 ],
diff --git a/www/manager/dc/GroupView.js b/www/manager/dc/GroupView.js
index 6950a46..9612721 100644
--- a/www/manager/dc/GroupView.js
+++ b/www/manager/dc/GroupView.js
@@ -95,6 +95,7 @@ Ext.define('PVE.dc.GroupView', {
 {
 header: gettext('Comment'),
 sortable: false,
+ renderer: Ext.String.htmlEncode,
 dataIndex: 'comment',
 flex: 1
 }
diff --git a/www/manager/dc/PoolView.js b/www/manager/dc/PoolView.js
index 4ae99e2..0d552ec 100644
--- a/www/manager/dc/PoolView.js
+++ b/www/manager/dc/PoolView.js
@@ -96,6 +96,7 @@ Ext.define('PVE.dc.PoolView', {
 header: gettext('Comment'),
 sortable: false,
 dataIndex: 'comment',
+ renderer: Ext.String.htmlEncode,
 flex: 1
 }
 ],
diff --git a/www/manager/dc/SecurityGroups.js b/www/manager/dc/SecurityGroups.js
index 0e31295..d8562e7 100644
--- a/www/manager/dc/SecurityGroups.js
+++ b/www/manager/dc/SecurityGroups.js
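Review bot: The `renderer: Ext.String.htmlEncode` line added to the `comment` column in the AuthView.js hunk carries no hint that it is a security control, so a later column cleanup could drop it without anyone noticing that the cell is back to rendering raw markup. A one-line comment above it would do, for example `// comment is free text from the API: encode it before the grid writes it into the cell`. The same applies to the identical additions in the GroupView.js, PoolView.js and UserView.js hunks. The column arrays start and end outside these hunks, so any other free-text columns in those grids cannot be checked from here.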
@@ -167,7 +167,7 @@ Ext.define('PVE.SecurityGroupList', {
 selModel: sm,
 columns: [
 { header: gettext('Group'), dataIndex: 'group', width: 100 },
- { header: gettext('Comment'), dataIndex: 'comment', flex: 1 }
+ { header: gettext('Comment'), dataIndex: 'comment', renderer: Ext.String.htmlEncode, flex: 1 }
 ],
 listeners: {
 itemdblclick: run_editor,
diff --git a/www/manager/dc/UserView.js b/www/manager/dc/UserView.js
index c4f8a8b..d4ad713 100644
--- a/www/manager/dc/UserView.js
+++ b/www/manager/dc/UserView.js
@@ -220,6 +220,7 @@ Ext.define('PVE.dc.UserView', {
 id: 'comment',
 header: gettext('Comment'),
 sortable: false,
+ renderer: Ext.String.htmlEncode,
 dataIndex: 'comment',
 flex: 1
 }
diff --git a/www/manager/grid/FirewallAliases.js b/www/manager/grid/FirewallAliases.js
index 353b97c..2f38393 100644
--- a/www/manager/grid/FirewallAliases.js
+++ b/www/manager/grid/FirewallAliases.js
@@ -171,7 +171,7 @@ Ext.define('PVE.FirewallAliases', {
 columns: [
 { header: gettext('Name'), dataIndex: 'name', width: 100 },
 { header: gettext('IP/CIDR'), dataIndex: 'cidr', width: 100 },
- { header: gettext('Comment'), dataIndex: 'comment', flex: 1 }
+ { header: gettext('Comment'), dataIndex: 'comment', renderer: Ext.String.htmlEncode, flex: 1 }
 ],
 listeners: {
 itemdblclick: run_editor
diff --git a/www/manager/ha/Groups.js b/www/manager/ha/Groups.js
index e596c00..28be5f7 100644
--- a/www/manager/ha/Groups.js
+++ b/www/manager/ha/Groups.js
@@ -108,7 +108,8 @@ Ext.define('PVE.ha.GroupsView', {
 {
 header: gettext('Comment'),
 flex: 1,
- dataIndex: 'comment'
+ dataIndex: 'comment',
+ renderer: Ext.String.htmlEncode
 }
 ],
 listeners: {
diff --git a/www/manager/ha/Resources.js b/www/manager/ha/Resources.js
index 495f039..87a9723 100644
--- a/www/manager/ha/Resources.js
+++ b/www/manager/ha/Resources.js
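Review bot: In the SecurityGroups.js hunk only the `comment` column gets the encoder, while the `group` column on the line above it is still rendered without one; the same holds for `name` and `cidr` in the FirewallAliases.js hunk and `name` in the IPSet.js hunk. If the backend already restricts those fields to a safe character set this is harmless, but that restriction is not visible here, and encoding at the point of output does not depend on it. I would add the renderer to those columns as well, e.g. `{ header: gettext('Group'), dataIndex: 'group', renderer: Ext.String.htmlEncode, width: 100 },`. The `columns` arrays are shown in full in these three hunks, but the surrounding `Ext.define` bodies continue outside them.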
@@ -133,7 +133,8 @@ Ext.define('PVE.ha.ResourcesView', {
 {
 header: gettext('Description'),
 flex: 1,
- dataIndex: 'comment'
+ dataIndex: 'comment',
+ renderer: Ext.String.htmlEncode
 }
 ],
 listeners: {
diff --git a/www/manager/lxc/SnapshotTree.js b/www/manager/lxc/SnapshotTree.js
index f13e64f..cbe7043 100644
--- a/www/manager/lxc/SnapshotTree.js
+++ b/www/manager/lxc/SnapshotTree.js
@@ -279,7 +279,7 @@ Ext.define('PVE.lxc.SnapshotTree', {
 if (record.data.name === 'current') {
 return gettext("You are here!");
 } else {
- return value;
+ return Ext.String.htmlEncode(value);
 }
 }
 }
diff --git a/www/manager/panel/IPSet.js b/www/manager/panel/IPSet.js
index 2aae7df..821f467 100644
--- a/www/manager/panel/IPSet.js
+++ b/www/manager/panel/IPSet.js
@@ -148,7 +148,7 @@ Ext.define('PVE.IPSetList', {
 selModel: sm,
 columns: [
 { header: 'IPSet', dataIndex: 'name', width: 100 },
- { header: gettext('Comment'), dataIndex: 'comment', flex: 1 }
+ { header: gettext('Comment'), dataIndex: 'comment', renderer: Ext.String.htmlEncode, flex: 1 }
 ],
 listeners: {
 itemdblclick: run_editor,
diff --git a/www/manager/pool/StatusView.js b/www/manager/pool/StatusView.js
index 8049364..a376e09 100644
--- a/www/manager/pool/StatusView.js
+++ b/www/manager/pool/StatusView.js
@@ -13,6 +13,7 @@ Ext.define('PVE.pool.StatusView', {
 var rows = {
 comment: {
 header: gettext('Comment'),
+ renderer: Ext.String.htmlEncode,
 required: true
 }
 };
diff --git a/www/manager/qemu/Options.js b/www/manager/qemu/Options.js
index c31af13..9ba913c 100644
--- a/www/manager/qemu/Options.js
+++ b/www/manager/qemu/Options.js
@@ -242,6 +242,7 @@ Ext.define('PVE.qemu.Options', {
 smbios1: {
 header: gettext('SMBIOS settings (type1)'),
 defaultValue: '',
+ renderer: Ext.String.htmlEncode,
 editor: caps.vms['VM.Config.HWType'] ? 'PVE.qemu.Smbios1Edit' : undefined
 },
 agent: {
diff --git a/www/manager/qemu/SnapshotTree.js b/www/manager/qemu/SnapshotTree.js
index 6f377a2..6efa944 100644
--- a/www/manager/qemu/SnapshotTree.js
+++ b/www/manager/qemu/SnapshotTree.js
@@ -279,7 +279,7 @@ Ext.define('PVE.qemu.SnapshotTree', {
 if (record.data.name === 'current') {
 return gettext("You are here!");
 } else {
- return value;
+ return Ext.String.htmlEncode(value);
 }
 }
 }
--
2.1.4
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
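Review bot: The renderer patched in the qemu/SnapshotTree.js hunk is line-for-line the same as the one in the lxc/SnapshotTree.js hunk, so the encoding fix had to be made twice and the two copies can drift apart on the next change. Moving the function into one shared helper that both tree definitions reference would keep the escaping in a single place. Only the tail of the renderer is visible in either hunk; its signature and the column it belongs to are outside the hunk, so whether other columns of the snapshot tree show user-supplied text cannot be confirmed from here.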