fix for xss issue

2016-08-17 20:55:23 +03:00
parent 6c4ccf7a6d
commit 11f1263a62
21 changed files with 529 additions and 531 deletions
--- a/src/main/template/param_readonly.handlebars
+++ b/src/main/template/param_readonly.handlebars
@@ -1,16 +1,16 @@
-<td class='code'><label for='{{valueId}}'>{{name}}</label></td>
+<td class='code'><label for='{{{escape valueId}}}'>{{{sanitize name}}}</label></td>
 <td>
    {{#if isBody}}
-        <textarea class='body-textarea' readonly='readonly' name='{{name}}' id='{{valueId}}'>{{default}}</textarea>
+        <textarea class='body-textarea' readonly='readonly' name='{{{sanitize name}}}' id='{{{escape valueId}}}'>{{{sanitize default}}}</textarea>
        <div class="parameter-content-type" />
    {{else}}
        {{#if default}}
-            {{default}}
+            {{{sanitize default}}}
        {{else}}
            (empty)
        {{/if}}
    {{/if}}
 </td>
-<td class="markdown">{{{description}}}</td>
-<td>{{{paramType}}}</td>
+<td class="markdown">{{{sanitize description}}}</td>
+<td>{{{escape paramType}}}</td>
 <td><span class="model-signature"></span></td>