ui: add some missing `htmlEncode`s

author Friedrich Weber <f.weber@proxmox.com>

Tue, 25 Jul 2023 11:52:46 +0000 (13:52 +0200)

committer Thomas Lamprecht <t.lamprecht@proxmox.com>

Tue, 25 Jul 2023 14:59:09 +0000 (16:59 +0200)
author Friedrich Weber <f.weber@proxmox.com>
Tue, 25 Jul 2023 11:52:46 +0000 (13:52 +0200)
committer Thomas Lamprecht <t.lamprecht@proxmox.com>
Tue, 25 Jul 2023 14:59:09 +0000 (16:59 +0200)
diff --git a/www/manager6/Utils.js b/www/manager6/Utils.js

index a150e848f74b625208760c1378be4d6e2e03cfe9..4e0942136cbed1062d6b0b6f87a3b6138bbe5ff1 100644 (file)
--- a/www/manager6/Utils.js
+++ b/www/manager6/Utils.js
@@ -1003,15 +1003,18 @@ Ext.define('PVE.Utils', {
      },
  
      render_storage_content: function(value, metaData, record) {
-       var data = record.data;
+       let data = record.data;
+       let result;
         if (Ext.isNumber(data.channel) &&
             Ext.isNumber(data.id) &&
             Ext.isNumber(data.lun)) {
-           return "CH " +
+           result = "CH " +
                 Ext.String.leftPad(data.channel, 2, '0') +
                 " ID " + data.id + " LUN " + data.lun;
+       } else {
+           result = data.volid.replace(/^.*?:(.*?\/)?/, '');
         }
-       return data.volid.replace(/^.*?:(.*?\/)?/, '');
+       return Ext.String.htmlEncode(result);
      },
  
      render_serverity: function(value) {
diff --git a/www/manager6/dc/BackupJobDetail.js b/www/manager6/dc/BackupJobDetail.js

index c4683a47676d340372232ebca7f9e1294459be17..880784a2321fbb650662f50717a49e42ab3b8917 100644 (file)
--- a/www/manager6/dc/BackupJobDetail.js
+++ b/www/manager6/dc/BackupJobDetail.js
@@ -249,6 +249,7 @@ Ext.define('PVE.dc.BackupInfo', {
             xtype: 'displayfield',
             name: 'comment',
             fieldLabel: gettext('Comment'),
+           renderer: Ext.String.htmlEncode,
         },
         {
             xtype: 'fieldset',
diff --git a/www/manager6/dc/PCIMapView.js b/www/manager6/dc/PCIMapView.js

index 859ef58fa3905801db500e0acd961af9e75639d8..80fe3c0f0a99d213d74c6efa6b14c26541c8df0d 100644 (file)
--- a/www/manager6/dc/PCIMapView.js
+++ b/www/manager6/dc/PCIMapView.js
@@ -98,7 +98,7 @@ Ext.define('PVE.dc.PCIMapView', {
             header: gettext('Comment'),
             dataIndex: 'description',
             renderer: function(value, _meta, record) {
-               return value ?? record.data.comment;
+               return Ext.String.htmlEncode(value ?? record.data.comment);
             },
             flex: 1,
         },
diff --git a/www/manager6/dc/USBMapView.js b/www/manager6/dc/USBMapView.js

index 953e2425c551f657c349e160edc45eca8f68546c..96edc5875f5378595be9ed798ba0294b5ecd9d94 100644 (file)
--- a/www/manager6/dc/USBMapView.js
+++ b/www/manager6/dc/USBMapView.js
@@ -90,7 +90,7 @@ Ext.define('PVE.dc.USBMapView', {
             header: gettext('Comment'),
             dataIndex: 'description',
             renderer: function(value, _meta, record) {
-               return value ?? record.data.comment;
+               return Ext.String.htmlEncode(value ?? record.data.comment);
             },
             flex: 1,
         },
diff --git a/www/manager6/form/PCIMapSelector.js b/www/manager6/form/PCIMapSelector.js

index 1bc73ec05c8f873ea46450d314b2ed298fb6f7b3..49629bc2f0850a8f73a2f07754840a2bb144957c 100644 (file)
--- a/www/manager6/form/PCIMapSelector.js
+++ b/www/manager6/form/PCIMapSelector.js
@@ -40,6 +40,7 @@ Ext.define('PVE.form.PCIMapSelector', {
                 header: gettext('Description'),
                 dataIndex: 'description',
                 flex: 1,
+               renderer: Ext.String.htmlEncode,
             },
             {
                 header: gettext('Status'),
diff --git a/www/manager6/form/USBMapSelector.js b/www/manager6/form/USBMapSelector.js

index 6a33754acf4f73a69e3b8ad720eff30af99f2926..2e55c1003114e1ca21ca01e1cdb33c99139eb974 100644 (file)
--- a/www/manager6/form/USBMapSelector.js
+++ b/www/manager6/form/USBMapSelector.js
@@ -64,6 +64,7 @@ Ext.define('PVE.form.USBMapSelector', {
                 header: gettext('Comment'),
                 dataIndex: 'description',
                 flex: 1,
+               renderer: Ext.String.htmlEncode,
             },
         ],
      },
diff --git a/www/manager6/qemu/CloudInit.js b/www/manager6/qemu/CloudInit.js

index 03d06d9c535895d08747cf7449f8fab3c35b59d9..495197265707c524aead7b37f12f2c4551fa8c53 100644 (file)
--- a/www/manager6/qemu/CloudInit.js
+++ b/www/manager6/qemu/CloudInit.js
@@ -214,7 +214,7 @@ Ext.define('PVE.qemu.CloudInit', {
                     ],
                 } : undefined,
                 renderer: function(value) {
-                   return value || Proxmox.Utils.defaultText;
+                   return Ext.String.htmlEncode(value || Proxmox.Utils.defaultText);
                 },
             },
             cipassword: {
@@ -236,7 +236,7 @@ Ext.define('PVE.qemu.CloudInit', {
                     ],
                 } : undefined,
                 renderer: function(value) {
-                   return value || Proxmox.Utils.noneText;
+                   return Ext.String.htmlEncode(value || Proxmox.Utils.noneText);
                 },
             },
             searchdomain: {
author	Friedrich Weber <f.weber@proxmox.com>
	Tue, 25 Jul 2023 11:52:46 +0000 (13:52 +0200)
committer	Thomas Lamprecht <t.lamprecht@proxmox.com>
	Tue, 25 Jul 2023 14:59:09 +0000 (16:59 +0200)
www/manager6/Utils.js		patch \| blob \| blame \| history
www/manager6/dc/BackupJobDetail.js		patch \| blob \| blame \| history
www/manager6/dc/PCIMapView.js		patch \| blob \| blame \| history
www/manager6/dc/USBMapView.js		patch \| blob \| blame \| history
www/manager6/form/PCIMapSelector.js		patch \| blob \| blame \| history
www/manager6/form/USBMapSelector.js		patch \| blob \| blame \| history
www/manager6/qemu/CloudInit.js		patch \| blob \| blame \| history