commit fd45ba01086551f77702eae3bc5074bef57ca0dd
author Scott Baker <smbaker@gmail.com> Fri Jan 23 17:42:17 2015 -0800
committer Scott Baker <smbaker@gmail.com> Fri Jan 23 17:42:17 2015 -0800
tree bd8fef3c7da74573b503e3ed9412cb0106384131
parent 85515d734596cbfd8186c38f00eb26a1f819fe0d

prevent script tags inside of error popup

planetstack/core/xoslib/static/js/xoslib/xos-util.js

diff --git a/planetstack/core/xoslib/static/js/xoslib/xos-util.js b/planetstack/core/xoslib/static/js/xoslib/xos-util.js
index 04bd041..6f4db85 100644
--- a/planetstack/core/xoslib/static/js/xoslib/xos-util.js
+++ b/planetstack/core/xoslib/static/js/xoslib/xos-util.js
@@ -143,6 +143,17 @@
     $(containerSelector).find(itemSelector).each( function(index) { $(this).width(maxWidth); });
 }
 
+function strip_scripts(s) {
+    var div = document.createElement('div');

+    div.innerHTML = s;

+    var scripts = div.getElementsByTagName('script');

+    var i = scripts.length;

+    while (i--) {

+      scripts[i].parentNode.removeChild(scripts[i]);

+    }

+    return div.innerHTML;

+  }
+
 function parse_portlist(ports) {
     /* Support a list of ports in the format "protocol:port, protocol:port, ..."
         examples:

planetstack/core/xoslib/static/js/xoslib/xosHelper.js

diff --git a/planetstack/core/xoslib/static/js/xoslib/xosHelper.js b/planetstack/core/xoslib/static/js/xoslib/xosHelper.js
index 7392843..384a7ed 100644
--- a/planetstack/core/xoslib/static/js/xoslib/xosHelper.js
+++ b/planetstack/core/xoslib/static/js/xoslib/xosHelper.js
@@ -150,7 +150,7 @@
         if (parsed_error) {
             $("#xos-error-dialog").html(templateFromId("#xos-error-response")(parsed_error));
         } else {
-            $("#xos-error-dialog").html(templateFromId("#xos-error-rawresponse")({responseText: responseText}))
+            $("#xos-error-dialog").html(templateFromId("#xos-error-rawresponse")({responseText: strip_scripts(responseText)}))
         }
 
         $("#xos-error-dialog").dialog({