proxmox-mirrors/proxmox-widget-toolkit
1
0
Fork 1
mirror of https://git.proxmox.com/git/proxmox-widget-toolkit synced 2025-04-29 23:28:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

utils: API2Request: ensure that response's htmlStatus is html-encoded

Browse Source 
`response.htmlStatus` is used to display error messages to the user.
Hence, make sure that HTML in the error message is properly encoded.

`API2Request` has two codepaths setting `response.htmlStatus`:

- in the `success` callback, htmlStatus is assigned the result of
  `extractRequestError`, which already encodes backend-provided
  strings.

- in the `failure` callback, where this patch adds a missing
  htmlEncode.

Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
Reviewed-by: Dominik Csapak <d.csapak@proxmox.com>
This commit is contained in:
Friedrich Weber 2025-04-07 17:29:59 +02:00 committed by Thomas Lamprecht
parent b44cc8ee37
commit c4b689b698
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Utils.js
View File

@ -516,7 +516,7 @@ utilities: {
} else if (response.status && response.statusText) {
msg = gettext('Connection error') + ' ' + response.status + ': ' + response.statusText;
}
response.htmlStatus = msg;
response.htmlStatus = Ext.htmlEncode(msg);
Ext.callback(callbackFn, options.scope, [options, false, response]);
Ext.callback(failureFn, options.scope, [response, options]);
},