Fix xss vulnerability (#924)
* Fix XSS vulnerability for Distribution Set and Software Module field * Fix XSS vulnerability for Artifact Details of header in Upload view * Fix XSS vulnerability in Distribution View Software Module box show artifact details window and fix SonarQube issue * Fix XSS vulnerability in Upload View Software Module field manage metadata * Fix XSS vulnerability for Notifications when creating or deleting new or existing Distributions or Software Modules plus adapting error notifications when trying to duplicate * Fix XSS vulnerability for Distributions View when assigning sm to dist confirmation popup text * Fix XSS vulnerability for Distributions View modules tab of distribution value of SoftwareModule * Fix XSS vulnerability for Deployment View assigned tab of target which has risky distribution assigned * Fix XSS vulnerability in Deployment view action history (of) field and eliminate bugs * Fix XSS vulnerability bug in Deployment View Action history of field * Fix XSS vulnerability for Distributions View Module tab as it rendered tool tip * Fix XSS vulnerability formatting * Invented some IDs to ease testing regarding XSS vulnerability * Fix XSS peer review findings * Fix XSS vulnerability for Distribution Set and Software Module field * Resolve merge conflicts Signed-off-by: Ammar Bikic <ammar.bikic@bosch-si.com>
This commit is contained in:
@@ -38,7 +38,7 @@ $generic-text-font-size: $generic-text-font-scale * $v-font-size;
|
||||
|
||||
//Report widget max icon style
|
||||
.icon-only {
|
||||
@include sp-icon-style($sp-button-size : $icon-font-size);
|
||||
@include sp-icon-style($sp-button-size: $icon-font-size);
|
||||
margin-bottom: 12px !important;
|
||||
margin-right: 6px !important;
|
||||
}
|
||||
@@ -91,6 +91,39 @@ $generic-text-font-size: $generic-text-font-scale * $v-font-size;
|
||||
-webkit-text-overflow: ellipsis;
|
||||
}
|
||||
|
||||
.text-bold {
|
||||
font-weight: bold !important;
|
||||
}
|
||||
|
||||
.v-Notification-error .v-icon {
|
||||
color: white;
|
||||
}
|
||||
|
||||
.header-caption-right {
|
||||
padding-right: 0.5em;
|
||||
}
|
||||
|
||||
.avoid-tooltip {
|
||||
pointer-events: none !important;
|
||||
}
|
||||
|
||||
//This was needed to make the split of prefix "Artifact details of"
|
||||
//and the actual value "smName:smVersion" in context of the XSS vulnerabilities
|
||||
//possible after changing ContentMode
|
||||
//from HTML to TEXT. As no Labels allowed at the windows caption field of the
|
||||
//artifact details window , decision was made to use the methods
|
||||
//Window.setAssistivePrefix() and Window.setAssistivePostfix() to solve the XSS-problem.
|
||||
//Both, assistive postfix and prefix are usually not visible on the page and only for
|
||||
//assistive purpose, but with overwriting this third party html class it's a possible
|
||||
//workaround for the XSS vulnerability. I added a comment in the generic-styles.scss.
|
||||
.v-assistive-device-only {
|
||||
position: static;
|
||||
top: auto;
|
||||
left: auto;
|
||||
width: auto;
|
||||
overflow: visible;
|
||||
}
|
||||
|
||||
.v-panel,
|
||||
.v-textfield {
|
||||
background: $widget-bg;
|
||||
|
||||
@@ -169,7 +169,7 @@
|
||||
|
||||
//confimation dialogue popup - Content margin adjustment
|
||||
.confirmbox-question-label {
|
||||
margin: 0 8px 8px;
|
||||
margin: 15px 8px 18px 8px;
|
||||
}
|
||||
|
||||
.bulk-upload-button{
|
||||
|
||||
@@ -98,9 +98,9 @@ distribution.set.tag.updated.event.container.notifcation.message=distribution se
|
||||
caption.filter.by.type = Filter by type
|
||||
caption.bulk.upload = Bulk Upload
|
||||
caption.action.history = Action history
|
||||
caption.action.history.for = Action history for {0}
|
||||
caption.action.history.for = Action history for
|
||||
caption.artifact.details = Artifact Details
|
||||
caption.artifact.details.of = Artifact Details of {0}
|
||||
caption.artifact.details.of = Artifact Details of
|
||||
caption.action.states= Action States
|
||||
caption.action.messages = Messages
|
||||
caption.error = Error
|
||||
|
||||
Reference in New Issue
Block a user