1
0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Fix XSS issues in library ui code

This commit is contained in:
Nick O'Leary 2019-02-06 22:25:25 +00:00
parent 37b3601c47
commit a301bf8bf5
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9

View File

@ -45,7 +45,7 @@ RED.library = (function() {
a = document.createElement("a");
a.href="#";
var label = i.replace(/^@.*\//,"").replace(/^node-red-contrib-/,"").replace(/^node-red-node-/,"").replace(/-/," ").replace(/_/," ");
a.innerHTML = label;
a.innerText = label;
li.appendChild(a);
li.appendChild(buildMenu(data.d[i],root+(root!==""?"/":"")+i));
ul.appendChild(li);
@ -58,7 +58,7 @@ RED.library = (function() {
li = document.createElement("li");
a = document.createElement("a");
a.href="#";
a.innerHTML = data.f[i];
a.innerText = data.f[i];
a.flowName = root+(root!==""?"/":"")+data.f[i];
a.onclick = function() {
$.get('library/flows/'+this.flowName, function(data) {
@ -125,8 +125,8 @@ RED.library = (function() {
li.onclick = (function () {
var dirName = v;
return function(e) {
var bcli = $('<li class="active"><span class="divider">/</span> <a href="#">'+dirName+'</a></li>');
$("a",bcli).click(function(e) {
var bcli = $('<li class="active"><span class="divider">/</span> </li>');
$('<a href="#"></a>').text(dirName).appendTo(bcli).click(function(e) {
$(this).parent().nextAll().remove();
$.getJSON("library/"+options.url+root+dirName,function(data) {
$("#node-select-library").children().first().replaceWith(buildFileList(root+dirName+"/",data));
@ -141,12 +141,13 @@ RED.library = (function() {
});
}
})();
li.innerHTML = '<i class="fa fa-folder"></i> '+v+"</i>";
$('<i class="fa fa-folder"></i>').appendTo(li);
$('<span>').text(" "+v).appendTo(li);
ul.appendChild(li);
} else {
// file
li = buildFileListItem(v);
li.innerHTML = v.name;
li.innerText = v.name;
li.onclick = (function() {
var item = v;
return function(e) {