Avoid potential XSS in Gantt chart

Frederic Guillot 2017-02-23 20:33:44 -05:00
parent daaf32beb5
commit f1fcaedbd2
3 changed files with 22 additions and 11 deletions


@ -42,7 +42,11 @@ Bug fixes:
Security:
* Fix XSS in LetterAvatarProvider (render broken image)
* Avoid potential XSS in project overview when listing users (was avoided by default CSP rules)
Those issues are harmless if you use default Kanboard settings for CSP rules:
* Avoid potential XSS in project overview when listing users
* Avoid potential XSS in Gantt chart
Version 1.0.39 (Feb 12, 2017)
-----------------------------



@ -77,7 +77,7 @@ Kanboard.Gantt.prototype.renderVerticalHeader = function() {
.append(" ");
if (this.data[i].type == "task") {
content.append(jQuery("<a>", {"href": this.data[i].link, "title": this.data[i].title}).append(this.data[i].title));
content.append(jQuery("<a>", {"href": this.data[i].link, "title": this.data[i].title}).text(this.data[i].title));
}
else {
content
@ -85,7 +85,7 @@ Kanboard.Gantt.prototype.renderVerticalHeader = function() {
.append("&nbsp;")
.append(jQuery("<a>", {"href": this.data[i].gantt_link, "title": $(this.options.container).data("label-gantt-link")}).append('<i class="fa fa-sliders"></i>'))
.append("&nbsp;")
.append(jQuery("<a>", {"href": this.data[i].link}).append(this.data[i].title));
.append(jQuery("<a>", {"href": this.data[i].link}).text(this.data[i].title));
}
seriesDiv.append(jQuery("<div>", {"class": "ganttview-vtheader-series-name"}).append(content));
@ -215,7 +215,11 @@ Kanboard.Gantt.prototype.getVerticalHeaderTooltip = function(record) {
var tooltip = "";
if (record.type == "task") {
tooltip = "<strong>" + record.column_title + "</strong> (" + record.progress + ")<br/>" + record.title;
tooltip = jQuery("<span>")
.append(jQuery("<strong>").text(record.column_title))
.append(document.createTextNode(' (' + record.progress + ')'))
.append(jQuery("<br>"))
.append(document.createTextNode(record.title)).prop('outerHTML');
}
else {
var types = ["project-manager", "project-member"];
@ -227,11 +231,11 @@ Kanboard.Gantt.prototype.getVerticalHeaderTooltip = function(record) {
for (var user_id in record.users[type]) {
if (user_id) {
list.append(jQuery("<li>").append(record.users[type][user_id]));
list.append(jQuery("<li>").text(record.users[type][user_id]));
}
}
tooltip += "<p><strong>" + $(this.options.container).data("label-" + type) + "</strong></p>" + list[0].outerHTML;
tooltip += "<p><strong>" + $(this.options.container).data("label-" + type) + "</strong></p>" + list.prop('outerHTML');
}
}
}
@ -248,8 +252,11 @@ Kanboard.Gantt.prototype.getBarTooltip = function(record) {
}
else {
if (record.type == "task") {
tooltip = "<strong>" + record.progress + "</strong><br/>" +
$(this.options.container).data("label-assignee") + " " + (record.assignee ? record.assignee : '') + "<br/>";
var assigneeLabel = $(this.options.container).data("label-assignee");
tooltip += jQuery("<strong>").text(record.progress).prop('outerHTML');
tooltip += "<br>";
tooltip += jQuery('<span>').append(document.createTextNode(assigneeLabel + " " + (record.assignee ? record.assignee : ''))).prop('outerHTML');
tooltip += "<br>";
}
tooltip += $(this.options.container).data("label-start-date") + " " + $.datepicker.formatDate('yy-mm-dd', record.start) + "<br/>";