fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PM-1610 "Designer: Es posible crear 'Procesos' con caracteres..." SOLVED

Browse Source 
Issue:
    Designer: Es posible crear 'Procesos' con caracteres especiales
    como <script>alert('Hey there!');</script>
Cause:
    En Front-end no se esta validando este campo
    cuando se ingresa texto con el tag <script>
Solution:
    Se ha agregado validacion para este campo,
    para impedir el ingreso de tags "<script>", "<iframe>"
This commit is contained in:
Victor Saisa Lopez
2015-02-27 12:35:57 -04:00
parent e9c5e2c74f
commit 022df1891d
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
workflow/engine/templates/processes/main.js
View File

@@ -32,6 +32,15 @@ new Ext.KeyMap(document, {
} }
}); });
Ext.apply(Ext.form.VTypes, {
processTitle: function (value, field)
{
var strAux = "a|applet|b|body|br|button|code|div|em|embed|form|frame|frameset|head|header|html|iframe|img|input|noscript|object|script|select|style|table|textarea";
return !(eval("/^.*\\x3C[\\s\\x2F]*(?:" + strAux + ")\\s*.*\\x3E.*$/").test(value));
},
processTitleText: ""
});
Ext.onReady(function(){ Ext.onReady(function(){
Ext.state.Manager.setProvider(new Ext.state.CookieProvider()); Ext.state.Manager.setProvider(new Ext.state.CookieProvider());
@@ -520,7 +529,8 @@ function newProcess(params)
xtype:'textfield', xtype:'textfield',
width: 260, width: 260,
maskRe: /^(?!^(PRN|AUX|CLOCK\$|NUL|CON|COM\d|LPT\d|\...*)(\..+)?$)[^\x00-\x1f\\?*\";|/]+$/i, maskRe: /^(?!^(PRN|AUX|CLOCK\$|NUL|CON|COM\d|LPT\d|\...*)(\..+)?$)[^\x00-\x1f\\?*\";|/]+$/i,
allowBlank: false allowBlank: false,
vtype: "processTitle"
}, { }, {
id: 'PRO_DESCRIPTION', id: 'PRO_DESCRIPTION',
fieldLabel: _('ID_DESCRIPTION'), fieldLabel: _('ID_DESCRIPTION'),