Merge pull request #550 from Kamidu/release-2.0.x

Recommended security fixes
revert-70aa11f8
Rasika Perera 8 years ago committed by GitHub
commit 3d8a18da15

@ -375,15 +375,15 @@ function loadDevices(searchType, searchParam) {
var fnCreatedRow = function (row, data, dataIndex) { var fnCreatedRow = function (row, data, dataIndex) {
$(row).attr('data-type', 'selectable'); $(row).attr('data-type', 'selectable');
$(row).attr('data-deviceid', data.deviceIdentifier); $(row).attr('data-deviceid', htmlspecialchars(data.deviceIdentifier));
$(row).attr('data-devicetype', data.deviceType); $(row).attr('data-devicetype', htmlspecialchars(data.deviceType));
$(row).attr('data-url', context + '/device/' + data.deviceType + '?id=' + data.deviceIdentifier); $(row).attr('data-url', context + '/device/' + htmlspecialchars(data.deviceType) + '?id=' + htmlspecialchars(data.deviceIdentifier));
var model = getPropertyValue(data.properties, 'DEVICE_MODEL'); var model = htmlspecialchars(getPropertyValue(data.properties, 'DEVICE_MODEL'));
var vendor = getPropertyValue(data.properties, 'VENDOR'); var vendor = htmlspecialchars(getPropertyValue(data.properties, 'VENDOR'));
var owner = data.user; var owner = htmlspecialchars(data.user);
var status = data.status; var status = htmlspecialchars(data.status);
var ownership = data.ownership; var ownership = htmlspecialchars(data.ownership);
var deviceType = data.deviceType; var deviceType = htmlspecialchars(data.deviceType);
var category = getDeviceTypeCategory(deviceType); var category = getDeviceTypeCategory(deviceType);
$.each($('td', row), function (colIndex) { $.each($('td', row), function (colIndex) {
switch (colIndex) { switch (colIndex) {
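Review bot: The `data-url` line applies HTML escaping to values that are being placed into a URL path and query string; the encoder for that context is `encodeURIComponent`, and `htmlspecialchars` leaves `?`, `&`, `#` and `/` untouched while turning a literal `&` into `&amp;`. The two `.attr('data-deviceid', …)` / `.attr('data-devicetype', …)` calls do not need escaping at all, because jQuery `.attr()` sets the attribute through the DOM rather than by building markup, and any later `$(row).data('deviceid')` read (this page shows such reads feeding an enrollment request, though possibly from a different script) will now get back the escaped form of the identifier. I would keep the first two lines as they were and change the third to `$(row).attr('data-url', context + '/device/' + encodeURIComponent(data.deviceType) + '?id=' + encodeURIComponent(data.deviceIdentifier));`. The `model`/`vendor`/`owner`/… locals are presumably written into cell markup further down, so escaping them is right, but that part of `fnCreatedRow` and the enclosing `loadDevices` lie outside the hunk.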
@ -417,6 +417,10 @@ function loadDevices(searchType, searchParam) {
}); });
}; };
function htmlspecialchars(text){
return jQuery('<div/>').text(text).html();
}
var dataFilter = function (data) { var dataFilter = function (data) {
data = JSON.parse(data); data = JSON.parse(data);
var objects = []; var objects = [];
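Review bot: The new `htmlspecialchars` throws on `undefined` input: jQuery treats `.text(undefined)` as a getter, which returns a string, so the following `.html()` call fails with a TypeError instead of returning an empty string. Since it is now called on response fields that may be absent, I would guard it: `function htmlspecialchars(text) { return text == null ? "" : jQuery('<div/>').text(String(text)).html(); }`. The name is also slightly misleading compared with PHP's function of that name — this serialisation escapes `&`, `<` and `>` but not quotes, so the result is only safe inside element content or a quoted attribute; a comment saying so, `// escapes &, <, > only: use for element text / quoted attributes, not for URLs or unquoted attributes`, would keep it from being reused for the wrong sink. The helper is declared inside `loadDevices`, whose body continues outside this hunk.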

@ -112,6 +112,10 @@ function toTitleCase(str) {
}); });
} }
function htmlspecialchars(text){
return jQuery('<div/>').text(text).html();
}
function loadGroups() { function loadGroups() {
var groupListing = $("#group-listing"); var groupListing = $("#group-listing");
var currentUser = groupListing.data("currentUser"); var currentUser = groupListing.data("currentUser");
@ -134,10 +138,10 @@ function loadGroups() {
var objects = []; var objects = [];
$(data.deviceGroups).each(function (index) { $(data.deviceGroups).each(function (index) {
objects.push({ objects.push({
groupId: data.deviceGroups[index].id, groupId: htmlspecialchars(data.deviceGroups[index].id),
name: data.deviceGroups[index].name, name: htmlspecialchars(data.deviceGroups[index].name),
description: data.deviceGroups[index].description, description: htmlspecialchars(data.deviceGroups[index].description),
owner: data.deviceGroups[index].owner owner: htmlspecialchars(data.deviceGroups[index].owner)
}) })
}); });
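Review bot: The `description` line will now throw if a group comes back without a description, because `htmlspecialchars` (defined earlier in this file) calls `.html()` on the string that jQuery returns for `.text(undefined)`; the original line tolerated the missing field. Either guard at the call site, `description: htmlspecialchars(data.deviceGroups[index].description || "")`, or make the helper return `""` for null/undefined. `groupId` is presumably used to build links or element ids rather than rendered as text; if so, HTML-escaping it is the wrong encoder (`encodeURIComponent` for URLs, none for DOM ids) and changes the value, though the consuming code is not visible here. `loadGroups` continues past the end of this hunk.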
var json = { var json = {

@ -109,6 +109,7 @@ function getSelectedPolicies() {
return policyList; return policyList;
} }
$(document).ready(function () { $(document).ready(function () {
/** /**

@ -86,6 +86,10 @@ function InitiateViewOption() {
// $(location).attr('href', $(this).data("url")); // $(location).attr('href', $(this).data("url"));
} }
function htmlspecialchars(text){
return jQuery('<div/>').text(text).html();
}
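Review bot: This is the fourth identical copy of `htmlspecialchars` added by the same change (the device, group and user listing scripts each get one too), so any fix to it — such as handling `undefined`, which currently makes it throw — has to be repeated in every file. I would move it once into the shared client-side util these pages already load (the scripts reference `invokerUtil`, which looks like such a module, though its contents are not visible here) and delete the per-file copies. A one-line JSDoc such as `/** Escapes &, <, > for insertion as HTML text; quotes are not escaped. */` should travel with it.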
function loadRoles() { function loadRoles() {
var loadingContent = $("#loading-content"); var loadingContent = $("#loading-content");
loadingContent.show(); loadingContent.show();
@ -98,8 +102,8 @@ function loadRoles() {
$(data.roles).each(function (index) { $(data.roles).each(function (index) {
objects.push( objects.push(
{ {
name: data.roles[index], name: htmlspecialchars(data.roles[index]),
DT_RowId: "role-" + data.roles[index] DT_RowId: "role-" + htmlspecialchars(data.roles[index])
} }
) )
}); });
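Review bot: The `DT_RowId` line HTML-escapes a value that is not rendered as HTML — DataTables assigns `DT_RowId` to the row's `id` through the DOM, as far as I can tell — so a role name containing `&` now produces an id of `role-…&amp;…` and any later `#role-<name>` lookup or `id`-to-role mapping silently breaks. Escape only the `name` field, which does end up in cell markup, and keep `DT_RowId: "role-" + data.roles[index]`. If the concern is characters that are invalid in an id, that needs an id-safe encoding rather than HTML entities. `loadRoles` continues outside this hunk.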

@ -258,6 +258,10 @@ function InitiateViewOption() {
} }
} }
function htmlspecialchars(text){
return jQuery('<div/>').text(text).html();
}
function loadUsers() { function loadUsers() {
var loadingContentView = "#loading-content"; var loadingContentView = "#loading-content";
$(loadingContentView).show(); $(loadingContentView).show();
@ -269,11 +273,11 @@ function loadUsers() {
$(data.users).each(function (index) { $(data.users).each(function (index) {
objects.push({ objects.push({
filter: data.users[index].username, filter: htmlspecialchars(data.users[index].username),
firstname: data.users[index].firstname ? data.users[index].firstname : "", firstname: htmlspecialchars(data.users[index].firstname) ? htmlspecialchars(data.users[index].firstname) : "",
lastname: data.users[index].lastname ? data.users[index].lastname : "", lastname: htmlspecialchars(data.users[index].lastname) ? htmlspecialchars(data.users[index].lastname) : "",
emailAddress: data.users[index].emailAddress ? data.users[index].emailAddress : "", emailAddress: htmlspecialchars(data.users[index].emailAddress) ? htmlspecialchars(data.users[index].emailAddress) : "",
DT_RowId: "user-" + data.users[index].username DT_RowId: "user-" + htmlspecialchars(data.users[index].username)
}) })
}); });
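Review bot: The `firstname`, `lastname` and `emailAddress` lines are a regression: the truthiness guard was meant for users whose field is absent, but the new code calls `htmlspecialchars` on the raw field *before* the guard, and with jQuery `.text(undefined)` is a getter returning a string, so `.html()` throws and the whole user list fails to load. Move the escaping inside the guard, e.g. `firstname: data.users[index].firstname ? htmlspecialchars(data.users[index].firstname) : "",` and likewise for the other two, or have the helper return `""` for null/undefined. Separately, `DT_RowId` becomes the row's DOM id rather than markup, so escaping the username there alters the id for names containing `&`, `<` or `>`; keep `DT_RowId: "user-" + data.users[index].username`. `loadUsers` continues past this hunk.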

@ -41,22 +41,22 @@ $(document).ready(function () {
/* for device list sorting drop down */ /* for device list sorting drop down */
$(".ctrl-filter-type-switcher").popover({ $(".ctrl-filter-type-switcher").popover({
html : true, html: true,
content : function () { content: function () {
return $("#content-filter-types").html(); return $("#content-filter-types").html();
} }
}); });
$(".ast-container").on("click", ".claim-btn", function(e){ $(".ast-container").on("click", ".claim-btn", function (e) {
e.stopPropagation(); e.stopPropagation();
var deviceId = $(this).data("deviceid"); var deviceId = $(this).data("deviceid");
var deviceListing = $("#device-listing"); var deviceListing = $("#device-listing");
var currentUser = deviceListing.data("current-user"); var currentUser = deviceListing.data("current-user");
var serviceURL = "/temp-controller-agent/enrollment/claim?username=" + currentUser; var serviceURL = "/temp-controller-agent/enrollment/claim?username=" + currentUser;
var deviceIdentifier = {id: deviceId, type: "TemperatureController"}; var deviceIdentifier = {id: deviceId, type: "TemperatureController"};
invokerUtil.put(serviceURL, deviceIdentifier, function(message){ invokerUtil.put(serviceURL, deviceIdentifier, function (message) {
console.log(message); console.log(message);
}, function(message){ }, function (message) {
console.log(message); console.log(message);
}); });
}); });
@ -68,15 +68,15 @@ $(document).ready(function () {
* @param button: Select All Device button * @param button: Select All Device button
*/ */
function selectAllDevices(button) { function selectAllDevices(button) {
if(!$(button).data('select')){ if (!$(button).data('select')) {
$(deviceCheckbox).each(function(index){ $(deviceCheckbox).each(function (index) {
$(this).prop('checked', true); $(this).prop('checked', true);
addDeviceSelectedClass(this); addDeviceSelectedClass(this);
}); });
$(button).data('select', true); $(button).data('select', true);
$(button).html('Deselect All Devices'); $(button).html('Deselect All Devices');
}else{ } else {
$(deviceCheckbox).each(function(index){ $(deviceCheckbox).each(function (index) {
$(this).prop('checked', false); $(this).prop('checked', false);
addDeviceSelectedClass(this); addDeviceSelectedClass(this);
}); });
@ -92,7 +92,7 @@ function selectAllDevices(button) {
* @param selection: Selection button * @param selection: Selection button
*/ */
function changeDeviceView(view, selection) { function changeDeviceView(view, selection) {
$(".view-toggle").each(function() { $(".view-toggle").each(function () {
$(this).removeClass("selected"); $(this).removeClass("selected");
}); });
$(selection).addClass("selected"); $(selection).addClass("selected");
@ -117,27 +117,33 @@ function addDeviceSelectedClass(checkbox) {
} }
function toTitleCase(str) { function toTitleCase(str) {
return str.replace(/\w\S*/g, function(txt){return txt.charAt(0).toUpperCase() + txt.substr(1).toLowerCase();}); return str.replace(/\w\S*/g, function (txt) {
return txt.charAt(0).toUpperCase() + txt.substr(1).toLowerCase();
});
} }
var deviceTypeCount, compiledDeviceTypesCount = 0; var deviceTypeCount, compiledDeviceTypesCount = 0;
function loadDevices(searchType, searchParam){ function htmlspecialchars(text) {
return jQuery('<div/>').text(text).html();
}
function loadDevices(searchType, searchParam) {
var deviceListing = $("#device-listing"); var deviceListing = $("#device-listing");
var deviceListingSrc = deviceListing.attr("src"); var deviceListingSrc = deviceListing.attr("src");
var currentUser = deviceListing.data("currentUser"); var currentUser = deviceListing.data("currentUser");
$('#ast-container').html(""); $('#ast-container').html("");
deviceTypeCount = deviceTypesList.length; deviceTypeCount = deviceTypesList.length;
if(deviceTypesList.length > 0){ if (deviceTypesList.length > 0) {
for (var i = 0; i < deviceTypesList.length; i++) { for (var i = 0; i < deviceTypesList.length; i++) {
var viewModel = {}; var viewModel = {};
viewModel.thumb = deviceTypesList[i].thumb; viewModel.thumb = deviceTypesList[i].thumb;
viewModel.appContext = clientJsAppContext; viewModel.appContext = clientJsAppContext;
viewModel.deviceTypeName = deviceTypesList[i].deviceTypeName; viewModel.deviceTypeName = htmlspecialchars(deviceTypesList[i].deviceTypeName);
viewModel.deviceTypeId = deviceTypesList[i].deviceTypeId; viewModel.deviceTypeId = htmlspecialchars(deviceTypesList[i].deviceTypeId);
viewModel.deviceCategory = deviceTypesList[i].deviceCategory; viewModel.deviceCategory = htmlspecialchars(deviceTypesList[i].deviceCategory);
viewModel.deviceTypeLabel = deviceTypesList[i].deviceTypeLabel; viewModel.deviceTypeLabel = htmlspecialchars(deviceTypesList[i].deviceTypeLabel);
compileTemplate(viewModel, deviceListingSrc); compileTemplate(viewModel, deviceListingSrc);
} }
} else { } else {
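Review bot: `viewModel.thumb` is still copied through unescaped while the four sibling properties on the following lines now go through `htmlspecialchars`; if the template renders all of these the same way, `thumb` is the one remaining unescaped value, and if it is a URL placed into a `src` attribute the right treatment is a scheme/URL check rather than entity escaping — either way the asymmetry deserves a comment on that line such as `// thumb is a server-supplied path; not HTML-escaped — confirm how the template emits it`. It is also worth confirming whether `$.template` already HTML-escapes substitutions, since pre-escaping the view model would then double-encode names such as `AT&T` as `AT&amp;amp;T`. `deviceTypesList` and `loadDevices` extend beyond the visible lines.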
@ -155,12 +161,12 @@ function loadDevices(searchType, searchParam){
} }
function compileTemplate(viewModel, templateSrc){ function compileTemplate(viewModel, templateSrc) {
$.template("device-listing", templateSrc, function (template) { $.template("device-listing", templateSrc, function (template) {
$("#ast-container").html($("#ast-container").html() + template(viewModel)); $("#ast-container").html($("#ast-container").html() + template(viewModel));
compiledDeviceTypesCount++; compiledDeviceTypesCount++;
if(deviceTypeCount == compiledDeviceTypesCount){ if (deviceTypeCount == compiledDeviceTypesCount) {
$('#device-type-grid').datatables_extended({"bFilter": false, "order": [[ 1, "asc" ]]}); $('#device-type-grid').datatables_extended({"bFilter": false, "order": [[1, "asc"]]});
} }
}); });
} }
@ -171,17 +177,16 @@ function compileTemplate(viewModel, templateSrc){
var deviceCheckbox = "#ast-container .ctrl-wr-asset .itm-select input[type='checkbox']"; var deviceCheckbox = "#ast-container .ctrl-wr-asset .itm-select input[type='checkbox']";
var assetContainer = "#ast-container"; var assetContainer = "#ast-container";
function openCollapsedNav(){ function openCollapsedNav() {
$('.wr-hidden-nav-toggle-btn').addClass('active'); $('.wr-hidden-nav-toggle-btn').addClass('active');
$('#hiddenNav').slideToggle('slideDown', function(){ $('#hiddenNav').slideToggle('slideDown', function () {
if($(this).css('display') == 'none'){ if ($(this).css('display') == 'none') {
$('.wr-hidden-nav-toggle-btn').removeClass('active'); $('.wr-hidden-nav-toggle-btn').removeClass('active');
} }
}); });
} }
/* /*
* DOM ready functions. * DOM ready functions.
*/ */
@ -196,22 +201,22 @@ $(document).ready(function () {
/* for device list sorting drop down */ /* for device list sorting drop down */
$(".ctrl-filter-type-switcher").popover({ $(".ctrl-filter-type-switcher").popover({
html : true, html: true,
content : function () { content: function () {
return $("#content-filter-types").html(); return $("#content-filter-types").html();
} }
}); });
$(".ast-container").on("click", ".claim-btn", function(e){ $(".ast-container").on("click", ".claim-btn", function (e) {
e.stopPropagation(); e.stopPropagation();
var deviceId = $(this).data("deviceid"); var deviceId = $(this).data("deviceid");
var deviceListing = $("#device-listing"); var deviceListing = $("#device-listing");
var currentUser = deviceListing.data("current-user"); var currentUser = deviceListing.data("current-user");
var serviceURL = "/temp-controller-agent/enrollment/claim?username=" + currentUser; var serviceURL = "/temp-controller-agent/enrollment/claim?username=" + currentUser;
var deviceIdentifier = {id: deviceId, type: "TemperatureController"}; var deviceIdentifier = {id: deviceId, type: "TemperatureController"};
invokerUtil.put(serviceURL, deviceIdentifier, function(message){ invokerUtil.put(serviceURL, deviceIdentifier, function (message) {
console.log(message); console.log(message);
}, function(message){ }, function (message) {
console.log(message); console.log(message);
}); });
}); });
@ -222,8 +227,8 @@ $(document).ready(function () {
$("[data-toggle=popover]").popover(); $("[data-toggle=popover]").popover();
$(".ctrl-filter-type-switcher").popover({ $(".ctrl-filter-type-switcher").popover({
html : true, html: true,
content: function() { content: function () {
return $('#content-filter-types').html(); return $('#content-filter-types').html();
} }
}); });
@ -234,7 +239,7 @@ $(document).ready(function () {
} }
}); });
$(document).on("click", "tr.clickable-row", function(){ $(document).on("click", "tr.clickable-row", function () {
window.document.location = $(this).data('href'); window.document.location = $(this).data('href');
}) })
