Fix xss remained parts (#947)

* Fix remained XSS related tooltips by disabling them * Adding TODOs to tooltips which has been set to null because of XSS * Removing TODOs because of SonarQube Signed-off-by: Ammar Bikic <ammar.bikic@bosch-si.com>
2020-03-17 07:53:32 +01:00
parent 7cf41c9a28
commit 2dc5a959f0
3 changed files with 6 additions and 3 deletions
--- a/hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/common/detailslayout/AbstractMetadataDetailsLayout.java
+++ b/hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/common/detailslayout/AbstractMetadataDetailsLayout.java
@@ -81,8 +81,9 @@ public abstract class AbstractMetadataDetailsLayout extends Table {
    }

    private Button customMetadataDetailButton(final String metadataKey) {
+        //After Vaadin 8 migration: Enable tooltip again, currently it is set to [null] to avoid cross site scripting.
        final Button viewIcon = SPUIComponentProvider.getButton(getDetailLinkId(metadataKey), metadataKey,
-                "View " + metadataKey + "  Metadata details", null, false, null, SPUIButtonStyleNoBorder.class);
+                null, null, false, null, SPUIButtonStyleNoBorder.class);
        viewIcon.setData(metadataKey);
        viewIcon.addStyleName(ValoTheme.BUTTON_TINY + " " + ValoTheme.BUTTON_LINK + " " + "on-focus-no-border link"
                + " " + "text-style");
--- a/hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/management/targettable/TargetDetails.java
+++ b/hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/management/targettable/TargetDetails.java
@@ -266,7 +266,8 @@ public class TargetDetails extends AbstractTableDetailsLayout<Target> {
        sortedAttributes.forEach((key, value) -> {
            final HorizontalLayout conAttributeLayout = SPUIComponentProvider.createNameValueLayout(key.concat("  :  "),
                    value == null ? "" : value);
-            conAttributeLayout.setDescription(key.concat("  :  ") + value);
+            //After Vaadin 8 migration: Enable tooltip again, currently it is set to [null] to avoid cross site scripting.
+            conAttributeLayout.setDescription(null);
            conAttributeLayout.addStyleName("label-style");
            attributesLayout.addComponent(conAttributeLayout);
        });
--- a/hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/management/targettag/filter/TargetFilterQueryButtons.java
+++ b/hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/management/targettag/filter/TargetFilterQueryButtons.java
@@ -130,7 +130,8 @@ public class TargetFilterQueryButtons extends Table {
        if (id != null) {
            button.setCaption(name);
        }
-        button.setDescription(name);
+        //After Vaadin 8 migration: Enable tooltip again, currently it is set to [null] to avoid cross site scripting.
+        button.setDescription(null);
        button.setData(itemId);
        button.addClickListener(event -> customTargetTagFilterButtonClick.processButtonClick(event));
        return button;