Fix XSS on tasks page

mher · Dec 13, 2016 · 0f2eab3 · 0f2eab3
1 parent 6cc83ed
commit 0f2eab3
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/flower/static/js/flower.js b/flower/static/js/flower.js
@@ -800,7 +800,20 @@ var flower = (function () {
             }, {
                 targets: 4,
                 data: 'kwargs',
-                visible: isColumnVisible('kwargs')
+                visible: isColumnVisible('kwargs'),
+                render: function (data) {
+                   var entityMap = {
+                      '&': '&amp;',
+                      '<': '&lt;',
+                      '>': '&gt;',
+                      '"': '&quot;',
+                      '\'': '&#39;',
+                      '/': '&#x2F;'
+                  };
+                  return data.replace(/[&<>"'\/]/g, function (s) {
+                      return entityMap[s];
+                  });
+                }
             }, {
                 targets: 5,
                 data: 'result',