manila-ui

  1. Bug #1597738
  2. Comment #30

Comment 30 for bug 1597738

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to manila-ui (stable/liberty)

Reviewed: https://review.openstack.org/383585
Committed: https://git.openstack.org/cgit/openstack/manila-ui/commit/?id=009913d725bee34cef0bd62e47a298025ace2696
Submitter: Jenkins
Branch: stable/liberty

commit 009913d725bee34cef0bd62e47a298025ace2696
Author: Valeriy Ponomaryov <email address hidden>
Date: Thu Jun 30 20:19:22 2016 +0300

    Fix metadata_to_str function code injection vulnerability

    It is possible to inject HTML/JavaScript code into shares table
    member page setting metadata to shares and share types table admin page
    setting extra specs. So, escape HTML-specific symbols in output
    string of 'metadata_to_str' function to make it interpreted
    as string and not as code.

    Change-Id: Ied567e06d91941e9aaac7d3117e03cd1770fb75e
    Security-Fix
    Closes-Bug: #1597738
    (clean cherry pick of commit fca19a1b0d42536644212c5d673fbd6866e67c43)
    (cherry picked from commit 89593686ef18f2bd06223b92071b4be2362a5abd)