Sanitation of metadata passed from Django
We need to escape HTML in metadata passed from Django, which can lead to security issues. Refer to the bug for more details. Conflicts: horizon/templates/horizon/common/_modal_form_update_metadata.html The conflict was that there are extra spaces in the line. Co-Authored-By: Szymon Wroblewski <szymon.wroblewski@intel.com> Change-Id: I4821eacb0bb274befab7995f3a8f87c82d3997f5 Closes-bug: #1449260 (cherry picked from commit81e1fa1317
) (cherry picked from commite7f3e0880f
)
This commit is contained in:
parent
db641dccb6
commit
6c944b5013
|
@ -224,8 +224,8 @@
|
|||
</div>
|
||||
</div>
|
||||
<script type="text/javascript">
|
||||
var existing_metadata = {{existing_metadata|safe}};
|
||||
var available_metadata = {{available_metadata|safe}};
|
||||
var existing_metadata = JSON.parse('{{existing_metadata|escapejs}}');
|
||||
var available_metadata = JSON.parse('{{available_metadata|escapejs}}');
|
||||
</script>
|
||||
{% endblock %}
|
||||
|
||||
|
|
Loading…
Reference in New Issue