
#12 Make sure to escape HTML entities and sanitize the message to be …
…displayed in notification
nadouani committed Mar 28, 2017
1 parent 4587c0c commit e928c06
Showing 6 changed files with 69 additions and 37 deletions.
1 change: 1 addition & 0 deletions ui/app/index.html
Expand Up @@ -43,6 +43,7 @@
<script src="bower_components/es5-shim/es5-shim.js"></script>
<script src="bower_components/jquery/dist/jquery.js"></script>
<script src="bower_components/angular/angular.js"></script>
<script src="bower_components/angular-sanitize/angular-sanitize.js"></script>
<script src="bower_components/bootstrap/dist/js/bootstrap.js"></script>
<script src="bower_components/angular-ui-router/release/angular-ui-router.js"></script>
<script src="bower_components/es6-shim/es6-shim.js"></script>
1 change: 1 addition & 0 deletions ui/app/scripts/app.js
Expand Up @@ -13,6 +13,7 @@ angular.module('cortex', [
'ui.bootstrap',
'ui-notification',
'angularMoment',
'ngSanitize',
'angularUtils.directives.dirPagination'
])
.config(function(NotificationProvider) {
12 changes: 6 additions & 6 deletions ui/app/scripts/controllers.js
Expand Up @@ -8,7 +8,7 @@
* Controller of the cortex
*/
angular.module('cortex')
.controller('NavCtrl', function($q, $state, $uibModal, AnalyzerSrv, Notification) {
.controller('NavCtrl', function($q, $state, $uibModal, AnalyzerSrv, NotificationService) {
this.newAnalysis = function () {

AnalyzerSrv.list()
Expand Down Expand Up @@ -46,13 +46,13 @@ angular.module('cortex')
$state.go('jobs');
}
_.each(response, function(resp) {
Notification.success(resp.data.analyzerId + ' started successfully on ' + (resp.data.artifact.data || resp.data.artifact.attributes.filename));
NotificationService.success(resp.data.analyzerId + ' started successfully on ' + (resp.data.artifact.data || resp.data.artifact.attributes.filename));
});
});
});
};
})
.controller('AnalyzersCtrl', function ($state, $uibModal, $q, $log, AnalyzerSrv, Notification, analyzers) {
.controller('AnalyzersCtrl', function ($state, $uibModal, $q, $log, AnalyzerSrv, NotificationService, analyzers) {
this.search = {
description: '',
dataTypeList: ''
Expand Down Expand Up @@ -82,7 +82,7 @@ angular.module('cortex')
return AnalyzerSrv.run(result.analyzer.id, result);
}).then(function (response) {
$state.go('jobs');
Notification.success(response.data.analyzerId + ' started successfully on ' + response.data.artifact.data);
NotificationService.success(response.data.analyzerId + ' started successfully on ' + response.data.artifact.data);
});
};

Expand Down Expand Up @@ -136,7 +136,7 @@ angular.module('cortex')
$uibModalInstance.dismiss('cancel');
};
})
.controller('JobsCtrl', function ($scope, $uibModal, $interval, JobSrv, AnalyzerSrv, Notification, _, analyzers) {
.controller('JobsCtrl', function ($scope, $uibModal, $interval, JobSrv, AnalyzerSrv, NotificationService, _, analyzers) {
var self = this;

this.analyzers = analyzers;
Expand Down Expand Up @@ -245,7 +245,7 @@ angular.module('cortex')
return JobSrv.remove(id);
}).then(function ( /*response*/ ) {
self.load(1);
Notification.success('Job removed successfully');
NotificationService.success('Job removed successfully');
});

};
90 changes: 59 additions & 31 deletions ui/app/scripts/services.js
@@ -1,4 +1,4 @@
(function () {
(function() {
'use strict';

angular.module('cortex')
Expand All @@ -16,7 +16,35 @@
key: 'RED',
value: 3
}])
.service('AnalyzerSrv', function ($q, $http) {
.service('HtmlSanitizer', function($sanitize) {
var entityMap = {
"&": "&amp;",
"<": "&lt;",
">": "&gt;",
'"': '&quot;',
"'": '&#39;',
"/": '&#x2F;'
};

this.sanitize = function(str) {
return $sanitize(String(str).replace(/[&<>"'\/]/g, function(s) {
return entityMap[s];
}));
};
})
.service('NotificationService', function(HtmlSanitizer, Notification) {
this.success = function(message) {
var sanitized = HtmlSanitizer.sanitize(message);

return Notification.success(sanitized);
};
this.error = function(message) {
var sanitized = HtmlSanitizer.sanitize(message);

return Notification.error(sanitized);
};
})
.service('AnalyzerSrv', function($q, $http) {
var self = this;

this.analyzers = null;
Expand All @@ -26,40 +54,40 @@
return this.dataTypes;
};

this.list = function () {
this.list = function() {
var defered = $q.defer();

if(this.analyzers === null) {
if (this.analyzers === null) {
$http.get('/api/analyzer')
.then(function (response) {
self.analyzers = response.data;

self.dataTypes = _.mapObject(
_.groupBy(
_.flatten(
_.pluck(response.data, 'dataTypeList')
.then(function(response) {
self.analyzers = response.data;

self.dataTypes = _.mapObject(
_.groupBy(
_.flatten(
_.pluck(response.data, 'dataTypeList')
),
function(item) {
return item;
}
),
function(item){
return item;
function(value /*, key*/ ) {
return value.length;
}
),
function(value/*, key*/){
return value.length;
}
);

defered.resolve(response.data);
}, function(response) {
defered.reject(response);
});
);

defered.resolve(response.data);
}, function(response) {
defered.reject(response);
});
} else {
defered.resolve(this.analyzers);
}

return defered.promise;
};

this.run = function (id, artifact) {
this.run = function(id, artifact) {
var postData;

if (artifact.dataType === 'file') {
Expand All @@ -75,12 +103,12 @@
headers: {
'Content-Type': undefined
},
transformRequest: function (data) {
transformRequest: function(data) {
var formData = new FormData(),
copy = angular.copy(data, {}),
_json = {};

angular.forEach(data, function (value, key) {
angular.forEach(data, function(value, key) {
if (Object.getPrototypeOf(value) instanceof Blob || Object.getPrototypeOf(value) instanceof File) {
formData.append(key, value);
delete copy[key];
Expand Down Expand Up @@ -110,18 +138,18 @@
};

})
.service('JobSrv', function ($http) {
this.list = function (params) {
.service('JobSrv', function($http) {
this.list = function(params) {
return $http.get('/api/job', {
params: params
});
};

this.report = function (jobId) {
this.report = function(jobId) {
return $http.get('/api/job/' + jobId + '/report');
};

this.remove = function (jobId) {
this.remove = function(jobId) {
return $http.delete('/api/job/' + jobId);
};
})
Expand Down Expand Up @@ -152,7 +180,7 @@
})
.filter('fang', function(UtilsSrv) {
return function(value) {
if(!value) {
if (!value) {
return '';
}

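Review bot: In `HtmlSanitizer.sanitize` the entity-escaping pass runs before `$sanitize`, so `$sanitize` only ever receives text with no markup left in it; the two steps are redundant with each other, and the net contract is "notification messages are rendered as plain text", which the service should state, e.g. `// Escapes the message to plain text (any markup is shown literally); $sanitize is a second line of defence, not an allow-list for markup.` Escaping first is the right default for messages assembled from analyzer output and uploaded filenames as the controllers.js hunks do, but a later maintainer who wants safe markup in messages would need to reverse the order, so the intent should be explicit. `String(str)` also turns `undefined`/`null` into the literal words "undefined"/"null" rather than an empty message; whether that is wanted is not visible here. Only `success` and `error` are wrapped by `NotificationService`, so any direct use of `Notification` elsewhere in the UI would bypass the escaping.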
1 change: 1 addition & 0 deletions ui/bower.json
Expand Up @@ -3,6 +3,7 @@
"version": "1.0.2",
"dependencies": {
"angular": "1.5.10",
"angular-sanitize": "1.5.10",
"bootstrap": "~3.3.7",
"angular-ui-router": "~0.3.1",
"es5-shim": "^4.5.9",
1 change: 1 addition & 0 deletions ui/test/karma.conf.js
Expand Up @@ -23,6 +23,7 @@ module.exports = function(config) {
'bower_components/es5-shim/es5-shim.js',
'bower_components/jquery/dist/jquery.js',
'bower_components/angular/angular.js',
'bower_components/angular-sanitize/angular-sanitize.js',
'bower_components/bootstrap/dist/js/bootstrap.js',
'bower_components/angular-ui-router/release/angular-ui-router.js',
'bower_components/es6-shim/es6-shim.js',

0 comments on commit e928c06
