OpenStack Dashboard (Horizon)

  1. Bug #1667086
  2. Comment #3

Comment 3 for bug 1667086

Revision history for this message
Richard Jones (r1chardj0n3s) wrote : Re: XSS in federation mappings UI

The fix is quite simple:

diff --git a/openstack_dashboard/dashboards/identity/mappings/tables.py b/openstack_dashboard/dashboards/identity/mappings/tables.py
index df6e8f3..b8c7154 100644
--- a/openstack_dashboard/dashboards/identity/mappings/tables.py
+++ b/openstack_dashboard/dashboards/identity/mappings/tables.py
@@ -75,7 +75,7 @@ def get_rules_as_json(mapping):
     rules = getattr(mapping, 'rules', None)
     if rules:
         rules = json.dumps(rules, indent=4)
- return safestring.mark_safe(rules)
+ return rules

 class MappingsTable(tables.DataTable):