[checkmk-commits] 6565 SEC Fixed possible XSS issues in Bookmarks snapin

Module: check_mk Branch: master Commit: 851a9ef962ee30605030fae820bd82941946e138 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=851a9ef962ee30… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Sep 13 18:19:42 2018 +0200 6565 SEC Fixed possible XSS issues in Bookmarks snapin We've discovered and fixed several possible XSS issues affecting the Bookmarks snapin. These could be used to execute arbitrary javascript code in the context of an authenticated user. Change-Id: I00bcaf7fb226ecbc2da68c4e5d851fc6787c9967 --- .werks/6565 | 12 ++++++++++++ cmk/gui/htmllib.py | 4 ++-- cmk/gui/plugins/sidebar/utils.py | 2 +- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/.werks/6565 b/.werks/6565 new file mode 100644 index 0000000..b238de7 --- /dev/null +++ b/.werks/6565 @@ -0,0 +1,12 @@ +Title: Fixed possible XSS issues in Bookmarks snapin +Level: 1 +Component: multisite +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1536855459 +Class: security + +We've discovered and fixed several possible XSS issues affecting +the Bookmarks snapin. These could be used to execute arbitrary +javascript code in the context of an authenticated user. diff --git a/cmk/gui/htmllib.py b/cmk/gui/htmllib.py index 92fe1e6..303fa8f 100644 --- a/cmk/gui/htmllib.py +++ b/cmk/gui/htmllib.py @@ -2593,8 +2593,8 @@ class html(HTMLGenerator): if self._user_id: isopen = self.foldable_container_is_open(treename, id, isopen) - onclick = "toggle_foldable_container(\'%s\', \'%s\', \'%s\')"\ - % (treename, id, fetch_url if fetch_url else '') + onclick = "toggle_foldable_container(%s, %s, %s)"\ + % (json.dumps(treename), json.dumps(id), json.dumps(fetch_url if fetch_url else '')) img_id = "treeimg.%s.%s" % (treename, id) diff --git a/cmk/gui/plugins/sidebar/utils.py b/cmk/gui/plugins/sidebar/utils.py index 54d1b07..aed44c0 100644 --- a/cmk/gui/plugins/sidebar/utils.py +++ b/cmk/gui/plugins/sidebar/utils.py @@ -259,7 +259,7 @@ def bulletlink(text, url, target="main", onclick = None): def iconlink(text, url, icon): html.open_a(class_=["iconlink", "link"], target="main", href=url) html.icon(icon=icon, help=None, cssclass="inline") - html.write(text) + html.write_text(text) html.close_a() html.br()