dendi-wang/thingsboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

UI: Fixed reflected html injection via login error

Browse Source
This commit is contained in:
Vladyslav_Prykhodko 2023-10-25 11:44:06 +03:00
parent c238576e54
commit 0ebe320421
3 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ui-ngx/src/app/core/auth/auth.service.ts
View File

@ -370,7 +370,8 @@ export class AuthService {
data: { data: {
title: translations['login.error'], title: translations['login.error'],
message: loginError, message: loginError,
ok: translations['action.close'] ok: translations['action.close'],
textMode: true
} }
}; };
this.dialog.open(AlertDialogComponent, dialogConfig); this.dialog.open(AlertDialogComponent, dialogConfig);

7
ui-ngx/src/app/shared/components/dialog/alert-dialog.component.html
View File

@ -16,7 +16,12 @@
--> -->
<h2 mat-dialog-title>{{data.title}}</h2> <h2 mat-dialog-title>{{data.title}}</h2>
<div mat-dialog-content [innerHTML]="data.message | safe:'html'"></div> <ng-container *ngIf="data.textMode; else htmlMode">
<div mat-dialog-content [innerText]="data.message"></div>
</ng-container>
<ng-template #htmlMode>
<div mat-dialog-content [innerHTML]="data.message | safe:'html'"></div>
</ng-template>
<div mat-dialog-actions fxLayoutAlign="end center"> <div mat-dialog-actions fxLayoutAlign="end center">
<button mat-button color="primary" [mat-dialog-close]="true" cdkFocusInitial>{{data.ok}}</button> <button mat-button color="primary" [mat-dialog-close]="true" cdkFocusInitial>{{data.ok}}</button>
</div> </div>

1
ui-ngx/src/app/shared/components/dialog/alert-dialog.component.ts
View File

@ -21,6 +21,7 @@ export interface AlertDialogData {
title: string; title: string;
message: string; message: string;
ok: string; ok: string;
textMode?: boolean;
} }
@Component({ @Component({