Fix metadata_to_str function code injection vulnerability
It is possible to inject HTML/JavaScript code into shares table
member page setting metadata to shares and share types table admin page
setting extra specs. So, escape HTML-specific symbols in output
string of 'metadata_to_str' function to make it interpreted
as string and not as code.
Reviewed: https://review.openstack.org/378557
Committed: https://git.openstack.org/cgit/openstack/manila-ui/commit/?id=fca19a1b0d42536644212c5d673fbd6866e67c43
Submitter: Jenkins
Branch: master
commit fca19a1b0d42536644212c5d673fbd6866e67c43
Author: Valeriy Ponomaryov <email address hidden>
Date: Thu Jun 30 20:19:22 2016 +0300
Fix metadata_to_str function code injection vulnerability
It is possible to inject HTML/JavaScript code into shares table
member page setting metadata to shares and share types table admin page
setting extra specs. So, escape HTML-specific symbols in output
string of 'metadata_to_str' function to make it interpreted
as string and not as code.
Change-Id: Ied567e06d91941e9aaac7d3117e03cd1770fb75e
Security-Fix
Closes-Bug: #1597738
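
The class of fix the commit message describes, as an added example that is not the manila-ui code: a formatter that joins user-controlled metadata into an HTML fragment, before and after output escaping. The function bodies, the `_shorten` helper, the 25-character limit and the sample metadata are assumptions made for illustration.

```python
import html


def _shorten(text, limit):
    """Hypothetical helper: truncate long keys/values for table display."""
    text = str(text)
    return text if len(text) <= limit else text[:limit] + "..."


def metadata_to_str_unescaped(metadata, limit=25):
    """'Before' form: key and value text goes into the markup verbatim,
    so any tags stored in metadata are parsed by the browser as markup."""
    rows = ["%s = %s" % (_shorten(k, limit), _shorten(metadata[k], limit))
            for k in sorted(metadata)]
    return "<br/>".join(rows)


def metadata_to_str_escaped(metadata, limit=25):
    """'After' form: escape each key and value, then add trusted markup.

    Escaping happens after truncation, so a cut never lands in the middle
    of an entity such as '&lt;', and before the '<br/>' join, so the only
    live markup in the result is the separator this function adds itself.
    Keys are escaped as well as values: both are user-controlled.
    """
    rows = []
    for k in sorted(metadata):
        key = html.escape(_shorten(k, limit), quote=True)
        value = html.escape(_shorten(metadata[k], limit), quote=True)
        rows.append("%s = %s" % (key, value))
    return "<br/>".join(rows)


# Constructed sample metadata (not taken from the bug report).
SAMPLE = {
    "tier": "gold",
    "<b>owner</b>": "<script>alert(1)</script>",
    "note": 'a "quoted" & b',
}

if __name__ == "__main__":
    print(metadata_to_str_unescaped(SAMPLE))
    print(metadata_to_str_escaped(SAMPLE))
```

If the result is handed to a template engine that auto-escapes, the escaped string has to be marked as safe there, otherwise the `<br/>` separators are escaped a second time.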