1
0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Properly sanitize node names in deploy warning dialogs

This commit is contained in:
Nick O'Leary 2019-02-07 09:11:06 +00:00
parent a301bf8bf5
commit 724acff591
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9

View File

@ -261,7 +261,9 @@ RED.deploy = (function() {
} }
return list; return list;
} }
function sanitize(html) {
return html.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;")
}
function restart() { function restart() {
var startTime = Date.now(); var startTime = Date.now();
$(".deploy-button-content").css('opacity',0); $(".deploy-button-content").css('opacity',0);
@ -353,7 +355,7 @@ RED.deploy = (function() {
if (hasUnknown && !ignoreDeployWarnings.unknown) { if (hasUnknown && !ignoreDeployWarnings.unknown) {
showWarning = true; showWarning = true;
notificationMessage = "<p>"+RED._('deploy.confirm.unknown')+"</p>"+ notificationMessage = "<p>"+RED._('deploy.confirm.unknown')+"</p>"+
'<ul class="node-dialog-configm-deploy-list"><li>'+cropList(unknownNodes).join("</li><li>")+"</li></ul><p>"+ '<ul class="node-dialog-configm-deploy-list"><li>'+cropList(unknownNodes).map(function(n) { return sanitize(n) }).join("</li><li>")+"</li></ul><p>"+
RED._('deploy.confirm.confirm')+ RED._('deploy.confirm.confirm')+
"</p>"; "</p>";
@ -373,7 +375,7 @@ RED.deploy = (function() {
invalidNodes.sort(sortNodeInfo); invalidNodes.sort(sortNodeInfo);
notificationMessage = "<p>"+RED._('deploy.confirm.improperlyConfigured')+"</p>"+ notificationMessage = "<p>"+RED._('deploy.confirm.improperlyConfigured')+"</p>"+
'<ul class="node-dialog-configm-deploy-list"><li>'+cropList(invalidNodes.map(function(A) { return (A.tab?"["+A.tab+"] ":"")+A.label+" ("+A.type+")"})).join("</li><li>")+"</li></ul><p>"+ '<ul class="node-dialog-configm-deploy-list"><li>'+cropList(invalidNodes.map(function(A) { return sanitize( (A.tab?"["+A.tab+"] ":"")+A.label+" ("+A.type+")")})).join("</li><li>")+"</li></ul><p>"+
RED._('deploy.confirm.confirm')+ RED._('deploy.confirm.confirm')+
"</p>"; "</p>";
notificationButtons= [ notificationButtons= [