Alexandru DAMIAN c5d19aae55 bitbake: toastergui: fix XSS injection points in projects page ...

We close XSS injection points in Projects page.

* modify the json filter to properly escape HTML tags in strings
* enable $sanitize to automatically sanitize dangerous HTML in
user-supplied input
* clean dangerous characters in targets field, as that field contents
will be directly passed to a shell command

Based on the vulnerability discovered and the patch provided by Michael Wood.

(Bitbake rev: 23c440db9c076ca37e651bdbbdbefee54998e1dc)

Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2014-11-12 17:04:50 +00:00

..

bin

bitbake: toaster script: webport option and other improvements

2014-11-12 17:04:48 +00:00

contrib

bitbake: newbb.vim: remove PR

2014-08-19 20:41:26 +01:00

doc

bitbake: bitbake: Make printed 'runqueue' be consistently capitalized

2014-11-06 16:45:23 +00:00

lib

bitbake: toastergui: fix XSS injection points in projects page

2014-11-12 17:04:50 +00:00

AUTHORS

misc: Update the email address to a working one.

2011-01-04 14:36:54 +00:00

ChangeLog

*: Fix typo in documentation

2010-08-04 16:12:39 +01:00

COPYING

bitbake: Sync with upstream.

2007-01-08 23:53:01 +00:00

HEADER

bitbake: Sync with upstream.

2007-01-08 23:53:01 +00:00

LICENSE

bitbake: toaster: adding frameworks for the Simple UI

2013-10-18 11:13:49 +01:00

toaster-requirements.txt

bitbake: toaster-requirements.txt: document requirements for the python environment

2014-07-23 20:07:43 +01:00