From 91535f2ba7a20fe2673002d0ecd78d97f578e389 Mon Sep 17 00:00:00 2001
From: Dominik Csapak <d.csapak@proxmox.com>
Date: Thu, 9 Jun 2016 16:06:32 +0200
Subject: [PATCH] htmlEncode some comment fields

this adds Ext.String.htmlEncode as renderer
for some comment/description fields

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
 www/manager6/data/PVEProxy.js              | 2 +-
 www/manager6/form/GroupSelector.js         | 1 +
 www/manager6/form/IPRefSelector.js         | 3 ++-
 www/manager6/form/PoolSelector.js          | 1 +
 www/manager6/form/SecurityGroupSelector.js | 3 ++-
 www/manager6/form/UserSelector.js          | 1 +
 www/manager6/grid/FirewallRules.js         | 1 +
 www/manager6/ha/GroupSelector.js           | 3 ++-
 www/manager6/node/APT.js                   | 2 +-
 www/manager6/node/ServiceView.js           | 1 +
 www/manager6/storage/ContentView.js        | 1 +
 11 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/www/manager6/data/PVEProxy.js b/www/manager6/data/PVEProxy.js
index 86fc9515..b66eeb68 100644
--- a/www/manager6/data/PVEProxy.js
+++ b/www/manager6/data/PVEProxy.js
@@ -49,7 +49,7 @@ Ext.define('PVE.RestProxy', {
 			      text += " (+ " + info.tfa + ")";
 			  }
 
-			  return text;
+			  return Ext.String.htmlEncode(text);
 		      }
 		  }
 		],
diff --git a/www/manager6/form/GroupSelector.js b/www/manager6/form/GroupSelector.js
index 1bac2d17..f243f3e7 100644
--- a/www/manager6/form/GroupSelector.js
+++ b/www/manager6/form/GroupSelector.js
@@ -18,6 +18,7 @@ Ext.define('PVE.form.GroupSelector', {
 		header: gettext('Comment'),
 		sortable: false,
 		dataIndex: 'comment',
+		renderer: Ext.String.htmlEncode,
 		flex: 1
 	    }
 	]
diff --git a/www/manager6/form/IPRefSelector.js b/www/manager6/form/IPRefSelector.js
index dd0123a7..728f5f7e 100644
--- a/www/manager6/form/IPRefSelector.js
+++ b/www/manager6/form/IPRefSelector.js
@@ -66,7 +66,8 @@ Ext.define('PVE.form.IPRefSelector', {
 	    },
 	    {
 		header: gettext('Comment'),  
-		dataIndex: 'comment', 
+		dataIndex: 'comment',
+		renderer: Ext.String.htmlEncode,
 		flex: 1
 	    }
 	);
diff --git a/www/manager6/form/PoolSelector.js b/www/manager6/form/PoolSelector.js
index 376468a3..56ded507 100644
--- a/www/manager6/form/PoolSelector.js
+++ b/www/manager6/form/PoolSelector.js
@@ -28,6 +28,7 @@ Ext.define('PVE.form.PoolSelector', {
 			header: gettext('Comment'),
 			sortable: false,
 			dataIndex: 'comment',
+			renderer: Ext.String.htmlEncode,
 			flex: 1
 		    }
 		]
diff --git a/www/manager6/form/SecurityGroupSelector.js b/www/manager6/form/SecurityGroupSelector.js
index c3a42dc4..b805c291 100644
--- a/www/manager6/form/SecurityGroupSelector.js
+++ b/www/manager6/form/SecurityGroupSelector.js
@@ -33,7 +33,8 @@ Ext.define('PVE.form.SecurityGroupsSelector', {
 		    },
 		    {
 			header: gettext('Comment'),  
-			dataIndex: 'comment', 
+			dataIndex: 'comment',
+			renderer: Ext.String.htmlEncode,
 			flex: 1
 		    }
 		]
diff --git a/www/manager6/form/UserSelector.js b/www/manager6/form/UserSelector.js
index d5c8a077..c84cef44 100644
--- a/www/manager6/form/UserSelector.js
+++ b/www/manager6/form/UserSelector.js
@@ -40,6 +40,7 @@ Ext.define('PVE.form.UserSelector', {
 			header: gettext('Comment'),
 			sortable: false,
 			dataIndex: 'comment',
+			renderer: Ext.String.htmlEncode,
 			flex: 1
 		    }
 		]
diff --git a/www/manager6/grid/FirewallRules.js b/www/manager6/grid/FirewallRules.js
index b483c940..09f10740 100644
--- a/www/manager6/grid/FirewallRules.js
+++ b/www/manager6/grid/FirewallRules.js
@@ -15,6 +15,7 @@ Ext.define('PVE.form.FWMacroSelector', {
 	    },
 	    {
 		header: gettext('Description'),
+		renderer: Ext.String.htmlEncode,
 		flex: 1,
 		dataIndex: 'descr'
 	    }
diff --git a/www/manager6/ha/GroupSelector.js b/www/manager6/ha/GroupSelector.js
index 1f74b77d..b55fc568 100644
--- a/www/manager6/ha/GroupSelector.js
+++ b/www/manager6/ha/GroupSelector.js
@@ -22,7 +22,8 @@ Ext.define('PVE.ha.GroupSelector', {
 	    {
 		header: gettext('Comment'),
 		flex: 1,
-		dataIndex: 'comment'
+		dataIndex: 'comment',
+		renderer: Ext.String.htmlEncode
 	    }
 	]
     },
diff --git a/www/manager6/node/APT.js b/www/manager6/node/APT.js
index 28301c3d..3afca02f 100644
--- a/www/manager6/node/APT.js
+++ b/www/manager6/node/APT.js
@@ -37,7 +37,7 @@ Ext.define('PVE.node.APT', {
                 var colspan = headerCt.getColumnCount();
                 // Usually you would style the my-body-class in CSS file
                 return {
-                    rowBody: '<div style="padding: 1em">' + data.Description + '</div>',
+                    rowBody: '<div style="padding: 1em">' + Ext.String.htmlEncode(data.Description) + '</div>',
                     rowBodyColspan: colspan
                 };
 	    }
diff --git a/www/manager6/node/ServiceView.js b/www/manager6/node/ServiceView.js
index a952aadd..dab98935 100644
--- a/www/manager6/node/ServiceView.js
+++ b/www/manager6/node/ServiceView.js
@@ -137,6 +137,7 @@ Ext.define('PVE.node.ServiceView', {
 		},
 		{
 		    header: gettext('Description'),
+		    renderer: Ext.String.htmlEncode,
 		    dataIndex: 'desc',
 		    flex: 1
 		}
diff --git a/www/manager6/storage/ContentView.js b/www/manager6/storage/ContentView.js
index 5f1c7be1..f551e7e0 100644
--- a/www/manager6/storage/ContentView.js
+++ b/www/manager6/storage/ContentView.js
@@ -59,6 +59,7 @@ Ext.define('PVE.grid.TemplateSelector', {
 		{
 		    header: gettext('Description'),
 		    flex: 1.5,
+		    renderer: Ext.String.htmlEncode,
 		    dataIndex: 'headline'
 		}
 	    ],
-- 
2.39.2