Univention Bugzilla – Attachment 9948 Details for Bug 48812: Cross Site Scripting in Portal allows session fixation of Administrators and other attacks
48812.patch (text/plain), 922 bytes, created by Florian Best on 2019-03-30 08:32:14 CET
>diff --git a/management/univention-web/js/widgets/Editor.js b/management/univention-web/js/widgets/Editor.js >index d9c40abd54..d56c64fa82 100644 >--- a/management/univention-web/js/widgets/Editor.js >+++ b/management/univention-web/js/widgets/Editor.js >@@ -32,14 +32,22 @@ define([ > "dojo/_base/declare", > "dijit/Editor", > "umc/widgets/_FormWidgetMixin", >+ "dompurify/purify", > "dijit/_editor/plugins/ViewSource", > "dijit/_editor/plugins/FullScreen", > "dojox/editor/plugins/PrettyPrint" >-], function(declare, Editor, _FormWidgetMixin) { >+], function(declare, Editor, _FormWidgetMixin, purify) { > return declare("umc.widgets.Editor", [ Editor, _FormWidgetMixin ], { > labelPosition: 'top', > extraPlugins: ['viewSource', 'fullscreen', 'prettyprint'], > >+ contentPreFilters: [ >+ purify.sanitize >+ ], >+ contentPostFilters: [ >+ purify.sanitize >+ ], >+ > ready: function() { > return this.onLoadDeferred; > }
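Review bot: The added `contentPreFilters` / `contentPostFilters` entries sanitize only what passes through this editor widget, while the bug is about script execution in the Portal; nothing in the visible lines touches the code that renders the stored HTML, so a value stored before this change, or written by a route other than this widget, would still be rendered as-is. Sanitize or escape at the rendering side as well and treat the editor filters as defence in depth. Also, `purify.sanitize` is passed as a bare reference, so it is detached from the `purify` object and runs with DOMPurify's default configuration; wrapping it, for example `function(html) { return purify.sanitize(html); }`, makes the call explicit and gives a place for an allow-list configuration and a comment explaining why both filters are set. Finally, `"dompurify/purify"` is added to the `define` list but the patch shows no packaging change, so confirm the module is shipped and resolvable by the loader, otherwise the widget will fail to load.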