From eb5ac5a52bff2cd6ee666a15a0a5d04c56edee09 Mon Sep 17 00:00:00 2001 From: Evgeniy Alekseev Date: Fri, 24 Jun 2022 11:46:04 +0300 Subject: [PATCH] bump web libraries also encode strings for the views --- .../build-status/package-add-modal.jinja2 | 4 +- .../templates/build-status/table.jinja2 | 39 ++++++++++++------- .../templates/utils/bootstrap-scripts.jinja2 | 17 ++------ .../ahriman/templates/utils/style.jinja2 | 4 +- 4 files changed, 33 insertions(+), 31 deletions(-) diff --git a/package/share/ahriman/templates/build-status/package-add-modal.jinja2 b/package/share/ahriman/templates/build-status/package-add-modal.jinja2 index 4df0bbe4..9aa52daa 100644 --- a/package/share/ahriman/templates/build-status/package-add-modal.jinja2 +++ b/package/share/ahriman/templates/build-status/package-add-modal.jinja2 @@ -50,12 +50,12 @@ }); function addPackages() { - const packages = [packageInput.val()] + const packages = [packageInput.val()]; doPackageAction("/api/v1/service/add", packages); } function requestPackages() { - const packages = [packageInput.val()] + const packages = [packageInput.val()]; doPackageAction("/api/v1/service/request", packages); } diff --git a/package/share/ahriman/templates/build-status/table.jinja2 b/package/share/ahriman/templates/build-status/table.jinja2 index 6179d3c7..468b8cf3 100644 --- a/package/share/ahriman/templates/build-status/table.jinja2 +++ b/package/share/ahriman/templates/build-status/table.jinja2 @@ -32,7 +32,7 @@ showSuccess(details); }, error: (jqXHR, _, errorThrown) => { showFailure(errorThrown); }, - }) + }); } function getSelection() { 
@@ -58,25 +58,30 @@ dataType: "json", success: response => { const extractListProperties = (description, property) => { - return Object.values(description.packages).map(pkg => { - return pkg[property]; - }).reduce((left, right) => { return left.concat(right); }, []); + return Object.values(description.packages) + .map(pkg => { return pkg[property]; }) + .reduce((left, right) => { return left.concat(right); }, []); + }; + const listToTable = data => { + return Array.from(new Set(data)) + .sort() + .map(entry => { return safe(entry); }) + .join("
"); }; - const listToTable = data => { return Array.from(new Set(data)).sort().join("
"); }; const payload = response.map(description => { const package_base = description.package.base; const web_url = description.package.remote?.web_url; return { - id: description.package.base, - base: web_url ? `${package_base}` : package_base, - version: description.package.version, + id: package_base, + base: web_url ? `${safe(package_base)}` : safe(package_base), + version: safe(description.package.version), packages: listToTable(Object.keys(description.package.packages)), groups: listToTable(extractListProperties(description.package, "groups")), licenses: listToTable(extractListProperties(description.package, "licenses")), timestamp: new Date(1000 * description.status.timestamp).toISOString(), - status: description.status.status - } + status: description.status.status, + }; }); table.bootstrapTable("load", payload); @@ -85,17 +90,17 @@ hideControls(false); }, error: (jqXHR, _, errorThrown) => { - hideControls(true); if ((jqXHR.status === 401) || (jqXHR.status === 403)) { // authorization error const text = "In order to see statuses you must login first."; table.find("tr.unauthorized").remove(); - table.find("tbody").append(`${text}`); + table.find("tbody").append(`${safe(text)}`); table.bootstrapTable("hideLoading"); } else { // other errors showFailure(errorThrown); } + hideControls(true); }, }); @@ -129,6 +134,14 @@ }); } + function safe(string) { + return String(string) + .replace(/&/g, "&") + .replace(//g, ">") + .replace(/"/g, """); + } + function statusFormat(value) { const cellClass = status => { if (status === "pending") return "table-warning"; @@ -143,5 +156,5 @@ $(() => { table.bootstrapTable({}); reload(); - }) + }); \ No newline at end of file diff --git a/package/share/ahriman/templates/utils/bootstrap-scripts.jinja2 b/package/share/ahriman/templates/utils/bootstrap-scripts.jinja2 index c23f16c1..42c4ed91 100644 --- a/package/share/ahriman/templates/utils/bootstrap-scripts.jinja2 +++ b/package/share/ahriman/templates/utils/bootstrap-scripts.jinja2 
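Review bot: In the `payload` mapping of the `@@ -58,25 +58,30 @@` hunk, `status: description.status.status` is still passed to the table unencoded, while the other API strings now go through `safe()`. Unless the column formatter encodes it, wrap it as `status: safe(description.status.status),` or add a comment saying why the value is trusted. The link markup in the `web_url` branch is not visible in this rendering of the patch, so the next point is hedged: if `web_url` is interpolated into an `href`, entity-encoding does not constrain the URL scheme, and a guard such as `/^https?:\/\//i.test(web_url)` before building the link would cover that. The enclosing function starts and ends outside the hunk.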
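Review bot: The new `safe()` helper appears to encode `&`, `<`, `>` and `"` (the replace chain is partly garbled in this rendering) but not the apostrophe, so its output is only safe in element content and double-quoted attributes. Adding `.replace(/'/g, "&#39;")` to the chain removes that restriction. A one-line comment above it would record the contract, for example `// HTML-encode a value for element content or a quoted attribute; does not validate URLs`. `String(string)` also turns `null` and `undefined` into those literal words, so a missing `version` would be displayed as "undefined"; `String(string ?? "")` avoids that.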
@@ -5,19 +5,8 @@ - + - + - - - + diff --git a/package/share/ahriman/templates/utils/style.jinja2 b/package/share/ahriman/templates/utils/style.jinja2 index 831abfb9..4d3d0889 100644 --- a/package/share/ahriman/templates/utils/style.jinja2 +++ b/package/share/ahriman/templates/utils/style.jinja2 @@ -1,7 +1,7 @@ - + - +