updateUserInfo: function() {
var me = this;
var ui = me.query('#userinfo')[0];
- ui.setText(Proxmox.UserName || '');
+ ui.setText(Ext.String.htmlEncode(Proxmox.UserName || ''));
ui.updateLayout();
},
return '@' + ugid;
}
- return ugid;
+ return Ext.String.htmlEncode(ugid);
};
var columns = [
header: gettext('Users'),
sortable: false,
dataIndex: 'users',
+ renderer: Ext.String.htmlEncode,
flex: 1
}
],
{
header: gettext("User name"),
dataIndex: 'user',
+ renderer: Ext.String.htmlEncode,
width: 150
},
{
{
header: gettext("Message"),
dataIndex: 'msg',
+ renderer: Ext.String.htmlEncode,
flex: 1
}
],
height: 600,
layout: 'fit',
cbind: {
- title: '{userid} - ' + gettext('Granted Permissions'),
+ title: (get) => Ext.String.htmlEncode(get('userid')) +
+ ` - ${gettext('Granted Permissions')}`,
},
items: [{
xtype: 'pveUserPermissionGrid',
{
xtype: 'displayfield',
fieldLabel: gettext('User name'),
+ renderer: Ext.String.htmlEncode,
cbind: {
value: '{userid}'
}
{
header: gettext("User name"),
dataIndex: 'user',
+ renderer: Ext.String.htmlEncode,
width: 150
},
{
},
name: 'userid',
value: Proxmox.UserName,
+ renderer: Ext.String.htmlEncode,
fieldLabel: gettext('User'),
},
{
dataIndex: 'userid',
renderer: (uid) => {
let realmIndex = uid.lastIndexOf('@');
- let user = uid.substr(0, realmIndex);
- let realm = uid.substr(realmIndex);
+ let user = Ext.String.htmlEncode(uid.substr(0, realmIndex));
+ let realm = Ext.String.htmlEncode(uid.substr(realmIndex));
return `${user} <span style='float:right;'>${realm}</span>`;
},
hidden: !!me.fixedUser,
name: 'userid',
fieldLabel: gettext('User name'),
value: me.userid,
+ renderer: Ext.String.htmlEncode,
allowBlank: false,
submitValue: me.isCreate ? true : false
},
];
var render_username = function(userid) {
- return userid.match(/^(.+)(@[^@]+)$/)[1];
+ return Ext.String.htmlEncode(userid.match(/^(.+)(@[^@]+)$/)[1]);
};
var render_realm = function(userid) {
- return userid.match(/@([^@]+)$/)[1];
+ return Ext.String.htmlEncode(userid.match(/@([^@]+)$/)[1]);
};
Ext.apply(me, {
header: gettext('Users'),
sortable: false,
dataIndex: 'users',
+ renderer: Ext.String.htmlEncode,
flex: 1
}
]
header: gettext('API Token'),
sortable: true,
dataIndex: 'id',
+ renderer: Ext.String.htmlEncode,
flex: 1
},
{
header: gettext('User'),
sortable: true,
dataIndex: 'userid',
+ renderer: Ext.String.htmlEncode,
flex: 1
},
{
var sp = Ext.state.Manager.getProvider();
var username = sp.get('login-username') || Proxmox.Utils.noneText;
- me.lookupReference('savedUserName').setValue(username);
+ me.lookupReference('savedUserName').setValue(Ext.String.htmlEncode(username));
var vncMode = sp.get('novnc-scaling');
if (vncMode !== undefined) {
me.lookupReference('noVNCScalingGroup').setValue({ noVNCScalingField: vncMode });