proxmox-mirrors/pve-manager
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-manager synced 2025-10-04 09:46:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

mobile ui: API2Request: ensure that response.htmlStatus is html-encoded

Browse Source 
`response.htmlStatus` is used to display error messages to the user.
Hence, make sure that HTML in the error message is properly encoded.
`API2Request` has two codepaths setting `response.htmlStatus`:

- in the `success` callback, htmlStatus is assigned the result of
  `extractRequestError`, which already encodes server-provided
  strings.

- in the `failure` callback, where this patch adds a missing
  htmlEncode.

Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
Reviewed-by: Dominik Csapak <d.csapak@proxmox.com>
This commit is contained in:
Friedrich Weber 2025-04-07 17:30:00 +02:00 committed by Thomas Lamprecht
parent 0b29ea8a42
commit 8a1c194740
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
www/mobile/WidgetToolkitUtils.js
View File

@ -466,7 +466,7 @@ utilities: {
} else if (response.status && response.statusText) { } else if (response.status && response.statusText) {
msg = gettext('Connection error') + ' ' + response.status + ': ' + response.statusText; msg = gettext('Connection error') + ' ' + response.status + ': ' + response.statusText;
} }
response.htmlStatus = msg; response.htmlStatus = Ext.htmlEncode(msg);
Ext.callback(callbackFn, options.scope, [options, false, response]); Ext.callback(callbackFn, options.scope, [options, false, response]);
Ext.callback(failureFn, options.scope, [response, options]); Ext.callback(failureFn, options.scope, [response, options]);
}, },