openstack
/
manila-ui
Code Issues Proposed changes
manila-ui/manila_ui/dashboards/admin/shares
History
Valeriy Ponomaryov 89593686ef Fix metadata_to_str function code injection vulnerability 
It is possible to inject HTML/JavaScript code into shares table
member page setting metadata to shares and share types table admin page
setting extra specs. So, escape HTML-specific symbols in output
string of 'metadata_to_str' function to make it interpreted
as string and not as code.

Depends-On: If83e66d4b2f0f1db181e7c23ac256c498566c2da
Change-Id: Ied567e06d91941e9aaac7d3117e03cd1770fb75e
Security-Fix
Closes-Bug: #1597738
(clean cherry pick of commit fca19a1b0d)
 		2016-09-30 13:25:46 +03:00
..
templates/shares Use "GiB" and "gibibyte" labels in share panels 2015-11-17 10:54:46 -08:00
__init__.py Import code from manila_kilo branch of manila UI 2015-04-09 16:32:42 -07:00
forms.py Fix set/unset extra specs for share type update form 2015-08-25 12:24:28 +03:00
panel.py Import code from manila_kilo branch of manila UI 2015-04-09 16:32:42 -07:00
tables.py Use "GiB" and "gibibyte" labels in share panels 2015-11-17 10:54:46 -08:00
tabs.py Fix metadata_to_str function code injection vulnerability 2016-09-30 13:25:46 +03:00
tests.py Fix broken unit tests 2015-07-07 09:12:17 +00:00
urls.py Add support of API manage/unmanage for Manila 2015-04-09 20:11:36 -07:00
utils.py Remove usage of openstack.common._i18n module 2015-06-17 17:50:51 +03:00
views.py Fix pep8 violations 2015-04-23 08:21:03 -07:00
workflows.py Add nova-network support to share-networks of Manila 2015-04-16 14:50:24 +03:00