imhven
/
abp
mirror of https://github.com/abpframework/abp
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8629 from abpframework/liangshiwei/patch-1

Browse Source 
Prevent against possible XSS
pull/8652/head
maliming 5 years ago committed by GitHub
parent a6afda5266 7f18a92b7e
commit f055da5b82
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File

4
modules/cms-kit/src/Volo.CmsKit.Admin.Web/Pages/CmsKit/Comments/details.js
Unescape View File

@ -87,7 +87,7 @@
data: "author.userName",
render: function (data) {
if (data !== null) {
return GetFilterableDatatableContent('#Author', data);
return GetFilterableDatatableContent('#Author', $.fn.dataTable.render.text().display(data)); //prevent against possible XSS
}
return "";
}
@ -97,7 +97,7 @@
data: "text",
orderable: false,
render: function (data) {
data = data || "";
data = $.fn.dataTable.render.text().display(data || "");
var maxChars = 64;

6
modules/cms-kit/src/Volo.CmsKit.Admin.Web/Pages/CmsKit/Comments/index.js
Unescape View File

@ -87,7 +87,7 @@
data: "author.userName",
render: function (data) {
if (data !== null) {
return GetFilterableDatatableContent('#Author', data);
return GetFilterableDatatableContent('#Author', $.fn.dataTable.render.text().display(data)); //prevent against possible XSS
}
return "";
}
@ -99,7 +99,7 @@
data: "entityType",
render: function (data) {
if (data !== null) {
return GetFilterableDatatableContent('#EntityType', data);
return GetFilterableDatatableContent('#EntityType', $.fn.dataTable.render.text().display(data));
}
return "";
}
@ -109,7 +109,7 @@
data: "text",
orderable: false,
render: function (data) {
data = data || "";
data = $.fn.dataTable.render.text().display(data || "");
var maxChars = 64;

2
modules/identity/src/Volo.Abp.Identity.Web/Pages/Identity/Roles/index.js
Unescape View File

@ -84,7 +84,7 @@
title: l('RoleName'),
data: 'name',
render: function (data, type, row) {
var name = '<span>' + data + '</span>';
var name = '<span>' + $.fn.dataTable.render.text().display(data) + '</span>'; //prevent against possible XSS
if (row.isDefault) {
name +=
'<span class="badge badge-pill badge-success ml-1">' +

Write Preview
Loading…
Cancel
Save