Also need HTML escaping when printing output

Jamie Cameron
2014-07-05 10:47:49 -07:00
parent 1c590a118b
commit 55a8843edf
2 changed files with 13 additions and 4 deletions


@@ -111,10 +111,14 @@ top.sel = sel2; top.selr = selr2;
location = location;
return false;
}
function html_escape(s)
{
return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}
for(i=0; i<top.sel.length; i++) {
document.write("<tr>\n");
document.write("<td><a href=\"\" onClick='return sub("+i+")'>"+top.sel[i]+"</a></td>\n");
document.write("<td>"+top.selr[i]+"</td>\n");
document.write("<td><a href=\"\" onClick='return sub("+i+")'>"+html_escape(top.sel[i])+"</a></td>\n");
document.write("<td>"+html_escape(top.selr[i])+"</td>\n");
}
</script>
</table>
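Review bot: html_escape() rewrites only `&`, `<` and `>`, which is enough for the two element-content positions it is used in here but not for a quoted attribute value, and nothing in the function says so. Either add a comment such as `// Safe for element content only; does not escape quotes for attribute values`, or extend the chain with `.replace(/"/g, '&quot;').replace(/'/g, '&#39;')` so later reuse stays safe. The function also calls `s.replace` directly, so a non-string entry in top.sel or top.selr (for example undefined, if the two arrays ever differ in length) would now throw and stop the loop where the old concatenation simply printed it; `return String(s).replace(...)` keeps the earlier tolerance. The same helper is added verbatim in the second file's last hunk, so both points apply there too, and the enclosing script block starts outside this hunk.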


@@ -2,6 +2,7 @@
# user_chooser.cgi
# This CGI generated the HTML for choosing a user or list of users.
$trust_unknown_referers = 1;
BEGIN { push(@INC, ".."); };
use WebminCore;
@@ -102,10 +103,14 @@ top.sel = sel2; top.selr = selr2;
top.frames[1].location = top.frames[1].location;
return false;
}
function html_escape(s)
{
return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}
for(i=0; i<top.sel.length; i++) {
document.write("<tr>\n");
document.write("<td><a href=\"\" onClick='return sub("+i+")'>"+top.sel[i]+"</a></td>\n");
document.write("<td>"+top.selr[i]+"</td>\n");
document.write("<td><a href=\"\" onClick='return sub("+i+")'>"+html_escape(top.sel[i])+"</a></td>\n");
document.write("<td>"+html_escape(top.selr[i])+"</td>\n");
}
</script>
</table>
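Review bot: `$trust_unknown_referers = 1;` near the top of user_chooser.cgi appears to be the single line added by the first hunk (header `-2,6 +2,7`), and the commit message, which only mentions output escaping, does not explain it. Judging by its name, the setting relaxes referer checking for this script, so it deserves a justification in the file, for example `# <why this chooser must accept requests with an unknown referer>` directly above the assignment. If the first file needs the same setting, that hunk is not visible here and should be checked for consistency. The html_escape() points raised for the first file apply unchanged to the second hunk of this one.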