PM-1610 "Designer: Es posible crear 'Procesos' con caracteres..." SOLVED

Issue: Designer: Es posible crear 'Procesos' con caracteres especiales como <script>alert('Hey there!');</script> Cause: En Front-end no se esta validando este campo cuando se ingresa texto con el tag <script> Solution: Se ha agregado validacion para este campo, para impedir el ingreso de tags "<script>", "<iframe>"
2015-02-27 13:16:41 -04:00
parent 022df1891d
commit 2e58046c8a
1 changed files with 3 additions and 3 deletions
--- a/workflow/engine/templates/processes/main.js
+++ b/workflow/engine/templates/processes/main.js
@@ -33,13 +33,13 @@ new Ext.KeyMap(document, {
 });

 Ext.apply(Ext.form.VTypes, {
-    processTitle: function (value, field)
+    textWithoutTags: function (value, field)
    {
        var strAux = "a|applet|b|body|br|button|code|div|em|embed|form|frame|frameset|head|header|html|iframe|img|input|noscript|object|script|select|style|table|textarea";

        return !(eval("/^.*\\x3C[\\s\\x2F]*(?:" + strAux + ")\\s*.*\\x3E.*$/").test(value));
    },
-    processTitleText: ""
+    textWithoutTagsText: ""
 });

 Ext.onReady(function(){
@@ -530,7 +530,7 @@ function newProcess(params)
        width: 260,
        maskRe: /^(?!^(PRN|AUX|CLOCK\$|NUL|CON|COM\d|LPT\d|\...*)(\..+)?$)[^\x00-\x1f\\?*\";|/]+$/i,
        allowBlank: false,
-        vtype: "processTitle"
+        vtype: "textWithoutTags"
      },  {
        id: 'PRO_DESCRIPTION',
        fieldLabel: _('ID_DESCRIPTION'),