OpenStack Dashboard (Horizon)
CristianFiorentino 1b0106e280 Introduces escaping in Horizon/Orchestration
1) Escape help_text a second time to avoid bootstrap tooltip XSS issue

The "Description" parameter in a Heat template is used to populate
a help_text tooltip in the dynamically generated Heat form. Bootstrap
inserts this tooltip into the DOM using .html() which undoes any
escaping we do in Django (it should be using .text()).

This was fixed by forcing the help_text content to be escaped a second
time. The issue itself is mitigated in bootstrap.js release 2.0.3
(ours is currently 2.0.1).

2) Properly escape untrusted Heat template 'outputs'

The 'outputs' parameter in a Heat template was included in a Django
template with HTML autoescaping turned off. Malicious HTML content
could be included in a Heat template and would be rendered by Horizon
when details about a created stack were displayed.

This was fixed by not disabling autoescaping and explicitly escaping
untrusted values in any strings that are later marked "safe" to render
without further escaping.

Change-Id: Icd9f9d9ca77068b12227d77469773a325c840001
Closes-Bug: #1289033
Co-Authored-By: Kieran Spear <kispear@gmail.com>
2014-04-09 00:04:39 +09:00
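
The double escape from item 1 of the commit message above, modelled with the Python standard library as an added example (not code from the commit or from Horizon). The names `tooltip_dom`, `parse_fragment` and the sample description are hypothetical; `html.unescape` stands in for the browser decoding the `title` attribute once, and `HTMLParser` stands in for the tooltip's `.html()` call parsing the result as markup.

```python
import html
from html.parser import HTMLParser


class _Collector(HTMLParser):
    """Records the elements and text an HTML parse of a fragment produces."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def parse_fragment(markup):
    """Model of .html(markup): return (elements created, visible text)."""
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector.tags, "".join(collector.text)


def tooltip_dom(help_text, escape_passes):
    """Show what ends up in the tooltip for a given number of escapes.

    escape_passes=1 models template autoescaping alone;
    escape_passes=2 models the extra escape this commit adds.
    """
    attr_value = help_text
    for _ in range(escape_passes):
        attr_value = html.escape(attr_value, quote=True)
    # Parsing title="..." decodes entities once.
    title = html.unescape(attr_value)
    # The tooltip then hands the decoded title to .html(), a second parse.
    return parse_fragment(title)


# Constructed sample: a template "Description" that carries markup.
DESCRIPTION = "Key name <script>alert(1)</script>"

if __name__ == "__main__":
    for passes in (1, 2):
        tags, text = tooltip_dom(DESCRIPTION, passes)
        print(passes, "escape(s): elements", tags, "text", repr(text))
```

With one escape the second parse creates a `script` element; with two, the tooltip shows the description as literal text and creates no elements.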
.tx Import translations from Transifex for Icehouse 2014-04-07 16:32:34 +09:00
doc Merge "Plugin-based panel group configuration" 2014-03-29 03:06:56 +00:00
horizon Introduces escaping in Horizon/Orchestration 2014-04-09 00:04:39 +09:00
openstack_dashboard Introduces escaping in Horizon/Orchestration 2014-04-09 00:04:39 +09:00
tools Sort requirement files in alphabetical order 2014-03-03 10:00:37 +08:00
.gitignore Updates .gitignore 2013-11-28 08:53:42 +00:00
.gitreview Add .gitreview and rfc.sh. 2011-10-28 09:50:35 -04:00
.mailmap Update my mailmap 2013-10-25 14:49:23 +08:00
.pylintrc updating run_tests.sh to mimic other openstack projects, pep8, pylint, coverage 2011-08-31 14:41:36 -07:00
HACKING.rst Remove #noqa from most common imports and add them to import_exceptions 2014-01-07 12:26:35 +01:00
LICENSE Initial commit 2011-01-12 13:43:31 -08:00
MANIFEST.in Drop NodeJS dependency in favor of pure-python lesscpy 2013-08-16 09:31:08 +02:00
Makefile Unifies the project packaging into one set of modules. 2012-02-29 00:20:13 -08:00
README.rst Improve contributor documentation 2013-12-03 20:05:01 +01:00
manage.py Gate on H102 Apache 2.0 license header not found for pep8 2013-11-19 13:55:04 -05:00
openstack-common.conf Import install_venv from oslo 2013-11-13 03:34:42 +09:00
requirements.txt Updated from global requirements 2014-03-28 10:18:12 +08:00
run_tests.sh Merge "Remove English compiled catalogs after compilemessages" 2014-03-27 20:15:36 +00:00
setup.cfg Open Icehouse development 2013-10-02 12:08:56 -07:00
setup.py Updated from global requirements 2013-10-01 16:13:10 +00:00
test-requirements.txt Switch over to oslosphinx 2014-03-21 15:23:44 +01:00
tox.ini Adding django 1.6 support 2014-03-10 23:09:58 -06:00

README.rst

Horizon (OpenStack Dashboard)

Horizon is a Django-based project aimed at providing a complete OpenStack Dashboard along with an extensible framework for building new dashboards from reusable components. The openstack_dashboard module is a reference implementation of a Django site that uses the horizon app to provide web-based interactions with the various OpenStack projects.

For release management:

For blueprints and feature specifications:

For issue tracking:

Getting Started

For local development, first create a virtualenv for the project. In the tools directory there is a script to create one for you:

$ python tools/install_venv.py

Alternatively, the run_tests.sh script will also install the environment for you and then run the full test suite to verify everything is installed and functioning correctly.

Now that the virtualenv is created, you need to configure your local environment. To do this, create a local_settings.py file in the openstack_dashboard/local/ directory. There is a local_settings.py.example file there that may be used as a template.

If all is well, you should be able to run the development server locally:

$ tools/with_venv.sh manage.py runserver

or, as a shortcut:

$ ./run_tests.sh --runserver

Setting Up OpenStack

The recommended tool for installing and configuring the core OpenStack components is Devstack. Refer to their documentation for getting Nova, Keystone, Glance, etc. up and running.

Note

The minimum required set of OpenStack services running includes the following:

  • Nova (compute, api, scheduler, network, and volume services)
  • Glance
  • Keystone

Optional support is provided for Swift.

Development

For development, start with the getting started instructions above. Once you have a working virtualenv and all the necessary packages, read on.

If dependencies are added to either horizon or openstack_dashboard, they should be added to requirements.txt.

The run_tests.sh script invokes tests and analyses on both of these components in its process, and it is what Jenkins uses to verify the stability of the project. If run before an environment is set up, it will ask if you wish to install one.

To run the unit tests:

$ ./run_tests.sh

Building Contributor Documentation

This documentation is written by contributors, for contributors.

The source is maintained in the doc/source folder using reStructuredText and built by Sphinx.

  • Building Automatically:

    $ ./run_tests.sh --docs
  • Building Manually:

    $ export DJANGO_SETTINGS_MODULE=local.local_settings
    $ python doc/generate_autodoc_index.py
    $ sphinx-build -b html doc/source build/sphinx/html

Results are in the build/sphinx/html directory.