root
/
rabbitmq-server
mirror of https://github.com/rabbitmq/rabbitmq-server.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Html escape displayed messages. 

Html escape error messages before returning from management
API. Also escape text before launching popup.

[#142213453]
This commit is contained in:
kjnilsson 2017-03-23 10:29:45 +00:00
parent 0f537352bb
commit d57161ba45
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
deps/rabbitmq_management/priv/www/js/main.js vendored
View File

@ -504,7 +504,7 @@ function show_popup(type, text, mode) {
$(cssClass).text().indexOf(text.replace(/<[^>]*>/g, '')) != -1 ) {
return;
}
$('h1').after(format('error-popup', {'type': type, 'text': text}));
$('h1').after(format('error-popup', {'type': type, 'text': fmt_escape_html(text)}));
if (mode == 'fade') {
$(cssClass).fadeIn(200);
}

3
deps/rabbitmq_management/src/rabbit_mgmt_util.erl vendored
View File

@ -546,7 +546,8 @@ http_to_amqp(MethodName, ReqData, Context, Transformers, Extra) ->
bad_request(Error, ReqData1, Context)
end;
{error, Reason} ->
bad_request(Reason, ReqData1, Context)
bad_request(rabbit_mgmt_format:escape_html_tags(Reason),
ReqData1, Context)
end
end.