Lea/web-apps
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Fix vulnerability

Browse source
This commit is contained in:
Julia Radzhabova 2021-04-26 14:54:55 +03:00
parent f57486d376
commit e6b8a379ba
10 changed files with 22 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
apps/common/main/lib/component/TreeView.js
View file

@ -176,11 +176,11 @@ define([
'<div class="tree-caret img-commonctrl ' + '<% if (!isExpanded) { %>' + 'up' + '<% } %>' + '" style="margin-left: <%= level*16 %>px;"></div>',
'<% } %>',
'<% if (isNotHeader) { %>',
'<div class="name not-header"><%= name %></div>',
'<div class="name not-header"><%= Common.Utils.String.htmlEncode(name) %></div>',
'<% } else if (isEmptyItem) { %>',
'<div class="name empty">' + options.emptyItemText + '</div>',
'<% } else { %>',
'<div class="name"><%= name %></div>',
'<div class="name"><%= Common.Utils.String.htmlEncode(name) %></div>',
'<% } %>',
'</div>'
].join(''));

2
apps/documenteditor/main/app/view/BookmarksDialog.js
View file

@ -174,7 +174,7 @@ define([
el: $('#bookmarks-list', this.$window),
store: new Common.UI.DataViewStore(),
tabindex: 1,
itemTemplate: _.template('<div id="<%= id %>" class="list-item" style="pointer-events:none;overflow: hidden; text-overflow: ellipsis;"><%= value %></div>')
itemTemplate: _.template('<div id="<%= id %>" class="list-item" style="pointer-events:none;overflow: hidden; text-overflow: ellipsis;"><%= Common.Utils.String.htmlEncode(value) %></div>')
});
this.bookmarksList.store.comparator = function(rec) {
return (me.radioName.getValue() ? rec.get("value") : rec.get("location"));

4
apps/documenteditor/main/app/view/ControlSettingsDialog.js
View file

@ -168,8 +168,8 @@ define([ 'text!documenteditor/main/app/template/ControlSettingsDialog.template',
template: _.template(['<div class="listview inner" style=""></div>'].join('')),
itemTemplate: _.template([
'<div id="<%= id %>" class="list-item" style="width: 100%;display:inline-block;">',
'<div style="width:90px;display: inline-block;vertical-align: middle; overflow: hidden; text-overflow: ellipsis;white-space: pre;margin-right: 5px;"><%= name %></div>',
'<div style="width:90px;display: inline-block;vertical-align: middle; overflow: hidden; text-overflow: ellipsis;white-space: pre;"><%= value %></div>',
'<div style="width:90px;display: inline-block;vertical-align: middle; overflow: hidden; text-overflow: ellipsis;white-space: pre;margin-right: 5px;"><%= Common.Utils.String.htmlEncode(name) %></div>',
'<div style="width:90px;display: inline-block;vertical-align: middle; overflow: hidden; text-overflow: ellipsis;white-space: pre;"><%= Common.Utils.String.htmlEncode(value) %></div>',
'</div>'
].join('')),
tabindex: 1

2
apps/documenteditor/main/app/view/CrossReferenceDialog.js
View file

@ -183,7 +183,7 @@ define([
this.refList = new Common.UI.ListView({
el: $window.find('#id-dlg-cross-list'),
store: new Common.UI.DataViewStore(),
itemTemplate: _.template('<div id="<%= id %>" class="list-item" style="pointer-events:none;overflow: hidden; text-overflow: ellipsis;white-space: pre;"><%= value %></div>')
itemTemplate: _.template('<div id="<%= id %>" class="list-item" style="pointer-events:none;overflow: hidden; text-overflow: ellipsis;white-space: pre;"><%= Common.Utils.String.htmlEncode(value) %></div>')
});
this.refList.on('entervalue', _.bind(this.onPrimary, this))
.on('item:dblclick', _.bind(this.onPrimary, this));

7
apps/documenteditor/main/app/view/DocumentHolder.js
View file

@ -4319,7 +4319,12 @@ define([
for (var i=0; i<count; i++) {
(specProps.get_ItemValue(i)!=='' || !isForm) && menu.addItem(new Common.UI.MenuItem({
caption : specProps.get_ItemDisplayText(i),
value : specProps.get_ItemValue(i)
value : specProps.get_ItemValue(i),
template : _.template([
'<a id="<%= id %>" style="<%= style %>" tabindex="-1" type="menuitem">',
'<%= Common.Utils.String.htmlEncode(caption) %>',
'</a>'
].join(''))
}));
}
if (!isForm && menu.items.length<1) {

2
apps/documenteditor/main/app/view/FormSettings.js
View file

@ -224,7 +224,7 @@ define([
itemTemplate: _.template([
'<div id="<%= id %>" class="list-item" style="width: 100%;display:inline-block;">',
// '<div style="width:65px;display: inline-block;vertical-align: middle; overflow: hidden; text-overflow: ellipsis;white-space: pre;margin-right: 5px;"><%= name %></div>',
'<div style="width:145px;display: inline-block;vertical-align: middle; overflow: hidden; text-overflow: ellipsis;white-space: pre;"><%= name %></div>',
'<div style="width:145px;display: inline-block;vertical-align: middle; overflow: hidden; text-overflow: ellipsis;white-space: pre;"><%= Common.Utils.String.htmlEncode(name) %></div>',
'</div>'
].join(''))
});

7
apps/spreadsheeteditor/main/app/controller/ViewTab.js
View file

@ -156,7 +156,12 @@ define([
caption : item.asc_getName(),
checkable: true,
allowDepress: false,
checked : item.asc_getIsActive()
checked : item.asc_getIsActive(),
template : _.template([
'<a id="<%= id %>" style="<%= style %>" tabindex="-1" type="menuitem">',
'<%= Common.Utils.String.htmlEncode(caption) %>',
'</a>'
].join(''))
}));
if (item.asc_getIsActive())
active = true;

2
apps/spreadsheeteditor/main/app/view/NameManagerDlg.js
View file

@ -123,7 +123,7 @@ define([ 'text!spreadsheeteditor/main/app/template/NameManagerDlg.template',
itemTemplate: _.template([
'<div id="<%= id %>" class="list-item" style="width: 100%;display:inline-block;<% if (!lock) { %>pointer-events:none;<% } %>">',
'<div class="listitem-icon toolbar__icon <% print(isTable?"btn-menu-table":(isSlicer ? "btn-slicer" : "btn-named-range")) %>"></div>',
'<div style="width:141px;padding-right: 5px;"><%= name %></div>',
'<div style="width:141px;padding-right: 5px;"><%= Common.Utils.String.htmlEncode(name) %></div>',
'<div style="width:117px;padding-right: 5px;"><%= scopeName %></div>',
'<div style="width:204px;"><%= range %></div>',
'<% if (lock) { %>',

2
apps/spreadsheeteditor/main/app/view/NamedRangePasteDlg.js
View file

@ -95,7 +95,7 @@ define([
'<div style="pointer-events:none;">',
'<div id="<%= id %>" class="list-item" style="pointer-events:none;width: 100%;display:inline-block;">',
'<div class="listitem-icon toolbar__icon <% print(isTable?"btn-menu-table":(isSlicer ? "btn-slicer" : "btn-named-range")) %>"></div>',
'<div style="width:186px;padding-right: 5px;"><%= name %></div>',
'<div style="width:186px;padding-right: 5px;"><%= Common.Utils.String.htmlEncode(name) %></div>',
'</div>',
'</div>'
].join(''))

2
apps/spreadsheeteditor/main/app/view/ViewManagerDlg.js
View file

@ -118,7 +118,7 @@ define([
template: _.template(['<div class="listview inner" style=""></div>'].join('')),
itemTemplate: _.template([
'<div id="<%= id %>" class="list-item" style="width: 100%;height: 20px;display:inline-block;<% if (!lock) { %>pointer-events:none;<% } %>">',
'<div style="width:100%;"><%= name %></div>',
'<div style="width:100%;"><%= Common.Utils.String.htmlEncode(name) %></div>',
'<% if (lock) { %>',
'<div class="lock-user"><%=lockuser%></div>',
'<% } %>',