github.com/matomo-org/matomo.git
author: diosmosis <diosmosis@users.noreply.github.com> 2018-11-13 08:57:02 +0300
committer: GitHub <noreply@github.com> 2018-11-13 08:57:02 +0300
commit: e6a7ace51248f43d0ffa10e2e833bb79b1010182
tree: 530d71cd3c854a18b77c8f754f0378ec6bb52c52 /plugins/CoreHome/templates
parent: 50040d5874cd7831f1a90e9e52f8861a444e0d30

Regenerate OmniFixture dump w/ more xss payloads (#13556)

* Buffing xss testing system.
* More testing changes.
* Finish adding more xss test data.
* Update ui-test.php file.
* Use DI\add in test container override.
* Update OmniFixture.
* Get fixture to setup properly.
* Make xss sanity check work w/ persist fixture data option.
* Another sanity check tweak.
* Trying to debug xss sanity check.
* removing duplicates
* Fix xss testing JS.
* Escape widget category text.
* deal w/ angular input in goal name
* Ensure privacy manager links are safe and add automated test for dangerous links to UI tests.
* Create dangerous link method in xsstesting class.
* Make xss test failures a bit easier to debug and escape metric documentation for angular.
* Tweak quickaccess test.
* Try to get pivot by dimension test to pass.
* Tweak QuickAccess test and try to get xss reports to show.
* Fix exception message.
* Tweaks to fake xss report (cannot currently be displayed).
* Updating screenshots.
* In check for dangerous links test allow empty links that use dangerous prefix.
* fix a couple more tests.
* update more screenshots
* Update a couple more screenshots.
* Updated screenshot.
* update screenshots
* update two more screenshots
* Use ng-bind-html to sanitize report documentation which can potentially have HTML.
* update screenshots

Diffstat (limited to 'plugins/CoreHome/templates')
-rw-r--r-- plugins/CoreHome/templates/_dataTable.twig | 2
-rw-r--r-- plugins/CoreHome/templates/_dataTableHead.twig | 2
2 files changed, 2 insertions, 2 deletions
diff --git a/plugins/CoreHome/templates/_dataTable.twig b/plugins/CoreHome/templates/_dataTable.twig
index 428f746004..3d8be6103d 100644
--- a/plugins/CoreHome/templates/_dataTable.twig
+++ b/plugins/CoreHome/templates/_dataTable.twig
@@ -41,7 +41,7 @@
{% endif %}
<div class="reportDocumentation">
- {% if properties.documentation|default is not empty %}<p>{{ properties.documentation|rawSafeDecoded }}</p>{% endif %}
+ {% if properties.documentation|default is not empty %}<p ng-bind-html="{{ properties.documentation|json_encode|e('html_attr') }}"></p>{% endif %}
{% if reportLastUpdatedMessage is defined and reportLastUpdatedMessage %}<span class='helpDate'>{{ reportLastUpdatedMessage|raw }}</span>{% endif %}
</div>
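
Review bot: the new `<p ng-bind-html=...>` line drops the `rawSafeDecoded` filter that the removed line applied, and nothing in the template says whether `properties.documentation` now arrives already decoded. If it is still stored entity-encoded, the markup will show up as literal text instead of rendering. Please confirm which form the value has at this point and add a short Twig comment explaining the `json_encode|e('html_attr')` chain (the value becomes a JSON string literal used as the Angular expression, then is escaped for the attribute context), because that is not obvious to the next person editing this line. Since the value now sits inside an attribute that the Angular compiler processes, a UI test case with Angular expression delimiters in the documentation text would be a useful addition next to the HTML payloads. The neighbouring context line still emits `reportLastUpdatedMessage|raw` unescaped; worth checking that it can never carry user-influenced text, or giving it the same treatment.
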
diff --git a/plugins/CoreHome/templates/_dataTableHead.twig b/plugins/CoreHome/templates/_dataTableHead.twig
index 27ec83dd29..719f599752 100644
--- a/plugins/CoreHome/templates/_dataTableHead.twig
+++ b/plugins/CoreHome/templates/_dataTableHead.twig
@@ -8,7 +8,7 @@
<span class="icon-help"></span>
{{ properties.translations[column]|default(column)|rawSafeDecoded }}
</div>
- {{ properties.metrics_documentation[column]|raw }}
+ {{ properties.metrics_documentation[column]|rawSafeDecoded|raw }}
</div>
{% endif %}
<div id="thDIV" class="thDIV">{{ properties.translations[column]|default(column)|rawSafeDecoded }}</div>
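
Review bot: the changed line still ends in `|raw`, so whatever `rawSafeDecoded` returns for `properties.metrics_documentation[column]` is written into the page without Twig escaping, while the sibling change in `_dataTable.twig` moves report documentation to `ng-bind-html` for sanitization. If metric documentation can contain HTML from the same kinds of sources, it should get the same sanitizing path; if it cannot, a comment saying why `|raw` is safe here would help. The filter chain is also inconsistent within this hunk: the context lines output `properties.translations[column]|default(column)|rawSafeDecoded` without a trailing `|raw`, so either `|raw` is redundant on the new line or those other lines behave differently than intended. Please make the usage consistent and cover this column header in the XSS UI tests.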