Escape HTML tags in policy definition fields

[#142213453]
2017-03-22 21:58:01 +03:00 · 2017-03-22 21:58:01 +03:00 · 892bca32b0
parent 248c4be453
commit 892bca32b0
2 changed files with 4 additions and 4 deletions
--- a/deps/rabbitmq_management/priv/www/js/formatters.js
+++ b/deps/rabbitmq_management/priv/www/js/formatters.js
@ -126,11 +126,11 @@ function args_to_features(obj) {
    var res = {};
    for (var k in obj.arguments) {
        if (k in KNOWN_ARGS) {
-            res[k] = obj.arguments[k];
+            res[k] = fmt_escape_html(obj.arguments[k]);
        }
        else {
            if (res.arguments == undefined) res.arguments = {};
-            res.arguments[k] = obj.arguments[k];
+            res.arguments[fmt_escape_html(k)] = fmt_escape_html(obj.arguments[k]);
        }
    }
    if (obj.durable) {
@ -150,7 +150,7 @@ function fmt_mirrors(queue) {
    var unsynced = queue.slave_nodes || [];
    unsynced = jQuery.grep(unsynced,
                           function (node, i) {
-                               return jQuery.inArray(node, synced) == -1
+                               return jQuery.inArray(node, synced) == -1;
                           });
    var res = '';
    if (synced.length > 0) {
--- a/deps/rabbitmq_management/src/rabbit_mgmt_wm_policy.erl
+++ b/deps/rabbitmq_management/src/rabbit_mgmt_wm_policy.erl
@ -72,7 +72,7 @@ accept_content(ReqData, Context) ->
                              {true, ReqData, Context};
                          {error_string, Reason} ->
                              rabbit_mgmt_util:bad_request(
-                                list_to_binary(Reason), ReqData, Context)
+                                rabbit_mgmt_format:escape_html_tags(Reason), ReqData, Context)
                      end
              end)
    end.