diff --git a/ui/scripts/cloud.core.accounts.js b/ui/scripts/cloud.core.accounts.js index cf314c2472b..9787e8195d9 100644 --- a/ui/scripts/cloud.core.accounts.js +++ b/ui/scripts/cloud.core.accounts.js @@ -118,7 +118,7 @@ function showAccountsTab(domainId) { loadingImg.hide(); rowContainer.show(); } else if (result.jobstatus == 2) { - $("#dialog_alert").html("
" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); loadingImg.hide(); rowContainer.show(); } @@ -166,7 +166,7 @@ function showAccountsTab(domainId) { var accountId = json.id; var accountName = json.name; var domainId = json.domainid; - template.attr("id", "account"+accountId).data("accountId", accountId).data("accountName", sanitizeXSS(accountName)).data("domainId", sanitizeXSS(domainId)); + template.attr("id", "account"+accountId).data("accountId", accountId).data("accountName", fromdb(accountName)).data("domainId", fromdb(domainId)); template.find("#account_role").text(toRole(json.accounttype)); template.find("#account_accountid").text(json.id); diff --git a/ui/scripts/cloud.core.configuration.js b/ui/scripts/cloud.core.configuration.js index e63ad79cff8..3f9731e45e5 100644 --- a/ui/scripts/cloud.core.configuration.js +++ b/ui/scripts/cloud.core.configuration.js @@ -71,7 +71,7 @@ function showConfigurationTab() { }); function globalJSONToTemplate(json, template) { - template.data("name", sanitizeXSS(json.name)).attr("id", "global_"+json.name); + template.data("name", fromdb(json.name)).attr("id", "global_"+json.name); (index++ % 2 == 0)? template.addClass("smallrow_even"): template.addClass("smallrow_odd"); template.find("#global_name").text(json.name); template.find("#global_value").text(json.value); @@ -128,9 +128,9 @@ function showConfigurationTab() { } function zoneObjectToRightPanel(obj) { - rightPanel.html("Zone: "+sanitizeXSS(obj.name)); + rightPanel.html("Zone: "+fromdb(obj.name)); var rightContentHtml = - "ZONE: "+sanitizeXSS(obj.name)+"
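Review bot: In the second hunk of cloud.core.accounts.js, `.data("accountName", fromdb(accountName))` and `.data("domainId", fromdb(domainId))` store HTML-sanitised strings in the jQuery data cache, which is not an HTML sink. If a reader of these keys passes the value through `fromdb` again before `.html()`, the text is decoded and sanitised twice and may no longer match the stored name. The host dialogs in cloud.core.hosts.js do this with a `hostName` that presumably comes from `.data("hostName")`. A reader that puts the value into a request parameter would send sanitiser output rather than the original name. I would audit the readers of these keys and add a comment at the assignment such as `// stored already decoded and HTML-sanitised: do not re-run fromdb() or send in requests`; the same applies to the other `.data(..., fromdb(...))` hunks in this commit, and the enclosing function continues outside the hunk.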
" + "ZONE: "+fromdb(obj.name)+"
" + "DNS 1: "+obj.dns1+"
" + "DNS 2: "+((obj.dns2 == null) ? "" : obj.dns2) +"
" + "Internal DNS 1: "+obj.internaldns1+"
" @@ -155,10 +155,10 @@ function showConfigurationTab() { } function podObjectToRightPanel(obj) { - rightPanel.html("Pod: " + sanitizeXSS(obj.name)); + rightPanel.html("Pod: " + fromdb(obj.name)); var rightContentHtml = - "POD: "+sanitizeXSS(obj.name)+"
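Review bot: Only `obj.name` is routed through `fromdb` in `zoneObjectToRightPanel`; `obj.dns1`, `obj.dns2` and `obj.internaldns1` are still concatenated raw into `rightContentHtml`. The @@ -329 hunk shows `obj` being rebuilt from local `dns1`/`internaldns1` values after an edit, so if `rightContentHtml` is later assigned through `.html()` (the rest of the function is outside the hunk) those fields reach the DOM unsanitised. Wrapping them at the concatenation, e.g. `sanitizeXSS(obj.dns1)` and `sanitizeXSS(obj.internaldns1)`, closes the gap. `podObjectToRightPanel` in the next hunk has the same pattern with `obj.cidr`, `obj.ipRange` and `obj.gateway`.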
" + "POD: "+fromdb(obj.name)+"
" + "Private CIDR: "+obj.cidr+"
" + "Private IP Range: "+obj.ipRange+"
" + "Gateway: "+obj.gateway+"
"; @@ -329,7 +329,7 @@ function showConfigurationTab() { var obj = {"id": id, "name": name, "dns1": dns1, "dns2": dns2, "internaldns1": internaldns1, "internaldns2": internaldns2, "vlan": vlan, "guestcidraddress": guestcidraddress }; zoneObjectToRightPanel(obj); var zoneName = $("#zone_"+id).find("#zone_name").text(name); - zoneName.data("id", id).data("name", sanitizeXSS(name)).data("dns1", dns1).data("internaldns1", internaldns1).data("guestcidraddress", guestcidraddress); + zoneName.data("id", id).data("name", fromdb(name)).data("dns1", dns1).data("internaldns1", internaldns1).data("guestcidraddress", guestcidraddress); if (dns2 != "") zoneName.data("dns2", dns2); if (internaldns2 != "") @@ -592,7 +592,7 @@ function showConfigurationTab() { var obj = {"id": id, "zoneid": zoneid, "name": newName, "cidr": newCidr, "startip": newStartip, "endip": newEndip, "ipRange": newIpRange, "gateway": newGateway}; podObjectToRightPanel(obj); var podName = $("#pod_"+id).find("#pod_name").text(newName); - podName.data("id", id).data("name", sanitizeXSS(newName)).data("cidr", newCidr).data("startip", newStartip).data("endip", newEndip).data("ipRange", newIpRange).data("gateway", newGateway); + podName.data("id", id).data("name", fromdb(newName)).data("cidr", newCidr).data("startip", newStartip).data("endip", newEndip).data("ipRange", newIpRange).data("gateway", newGateway); loadingImg.hide(); row_container.show(); }, @@ -632,7 +632,7 @@ function showConfigurationTab() { var pods = json.listpodsresponse.pod; if (pods != null && pods.length > 0) { for (var i = 0; i < pods.length; i++) { - podSelect.append(""); + podSelect.append(""); } } else { podSelect.append(""); @@ -649,7 +649,7 @@ function showConfigurationTab() { var domains = json.listdomainsresponse.domain; if (domains != null && domains.length > 0) { for (var i = 0; i < domains.length; i++) { - domainSelect.append(""); + domainSelect.append(""); } } } 
@@ -900,11 +900,11 @@ function showConfigurationTab() { function zoneJSONToTemplate(json, template) { var zoneid = json.id; - template.data("id", zoneid).data("name", sanitizeXSS(json.name)); + template.data("id", zoneid).data("name", fromdb(json.name)); template.find("#zone_name") .text(json.name) .data("id", zoneid) - .data("name", sanitizeXSS(json.name)) + .data("name", fromdb(json.name)) .data("dns1", json.dns1) .data("internaldns1", json.internaldns1) .data("guestcidraddress", json.guestcidraddress); @@ -1269,17 +1269,17 @@ function showConfigurationTab() { function serviceJSONToTemplate(json, template) { template.attr("id", "service_"+json.id); (index++ % 2 == 0)? template.addClass("smallrow_even"): template.addClass("smallrow_odd"); - template.data("svcId", json.id).data("svcName", sanitizeXSS(unescape(json.name))); + template.data("svcId", json.id).data("svcName", fromdb(json.name)); template.find("#service_id").text(json.id); - template.find("#service_name").text(unescape(json.name)); - template.find("#service_display").text(unescape(json.displaytext)); + template.find("#service_name").text(fromdb(json.name)); + template.find("#service_display").text(fromdb(json.displaytext)); template.find("#service_storagetype").text(json.storagetype); template.find("#service_cpu").text(json.cpunumber + " x " + convertHz(json.cpuspeed)); template.find("#service_memory").text(convertBytes(parseInt(json.memory)*1024*1024)); template.find("#service_offerha").text(toBooleanText(json.offerha)); template.find("#service_networktype").text((json.usevirtualnetwork=="true")? "Public":"Direct"); - template.find("#service_tags").text(unescape(json.tags)); + template.find("#service_tags").text(fromdb(json.tags)); setDateField(json.created, template.find("#service_created")); } 
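Review bot: `serviceJSONToTemplate` now passes `fromdb(...)` to `.text()` for `#service_name`, `#service_display` and `#service_tags`, where the previous code used plain `unescape(...)`. jQuery's `.text()` already inserts its argument as text, so the `sanitizeXSS` step inside `fromdb` adds no protection at these sinks. If `sanitizeXSS` entity-encodes (its body is not in this diff), names containing `<` or `&` would render with visible entities. For text sinks `unescape(noNull(json.name))` is enough. The same applies to the disk offering hunk (@@ -1587) and to the `#db_error_msg` `.text(fromdb(...))` calls in cloud.core.init.js (@@ -657, @@ -717).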
@@ -1587,14 +1587,14 @@ function showConfigurationTab() { } else { template.addClass("smallrow_odd"); } - template.data("diskId", json.id).data("diskName", sanitizeXSS(unescape(json.name))); + template.data("diskId", json.id).data("diskName", fromdb(json.name)); template.find("#disk_id").text(json.id); - template.find("#disk_name").text(unescape(json.name)); - template.find("#disk_description").text(unescape(json.displaytext)); + template.find("#disk_name").text(fromdb(json.name)); + template.find("#disk_description").text(fromdb(json.displaytext)); template.find("#disk_disksize").text(convertBytes(json.disksize)); - template.find("#disk_tags").text(unescape(json.tags)); - template.find("#disk_domain").text(unescape(json.domain)); + template.find("#disk_tags").text(fromdb(json.tags)); + template.find("#disk_domain").text(fromdb(json.domain)); } function listDiskOfferings() { diff --git a/ui/scripts/cloud.core.domains.js b/ui/scripts/cloud.core.domains.js index ed883aa393f..1a1f875daee 100644 --- a/ui/scripts/cloud.core.domains.js +++ b/ui/scripts/cloud.core.domains.js @@ -55,7 +55,7 @@ function showDomainsTab() { var template = treenodeTemplate.clone(true); template.attr("id", "domain_"+json.id); - template.data("domainId", json.id).data("domainName", sanitizeXSS(json.name)).data("domainLevel", level); + template.data("domainId", json.id).data("domainName", fromdb(json.name)).data("domainLevel", level); template.find("#domain_title_container").attr("id", "domain_title_container_"+json.id); template.find("#domain_expand_icon").attr("id", "domain_expand_icon_"+json.id); template.find("#domain_name").attr("id", "domain_name_"+json.id).text(json.name); diff --git a/ui/scripts/cloud.core.hosts.js b/ui/scripts/cloud.core.hosts.js index 0bb769b0ba9..10adc943c3c 100644 --- a/ui/scripts/cloud.core.hosts.js +++ b/ui/scripts/cloud.core.hosts.js 
@@ -42,7 +42,7 @@ function showHostsTab() { var zoneSelect = dialogAddRouting.find("#host_zone").empty(); if (zones != null && zones.length > 0) { for (var i = 0; i < zones.length; i++) - zoneSelect.append(""); + zoneSelect.append(""); } //dialogAddRouting.find("#host_zone").change(); } @@ -59,7 +59,7 @@ function showHostsTab() { var podSelect = dialogAddRouting.find("#host_pod").empty(); if (pods != null && pods.length > 0) { for (var i = 0; i < pods.length; i++) { - podSelect.append(""); + podSelect.append(""); } } dialogAddRouting.find("#host_pod").change(); @@ -229,7 +229,7 @@ function showHostsTab() { break; case "host_action_enable_maint" : $("#dialog_confirmation") - .html("Please confirm you enable maintenance for host: "+sanitizeXSS(hostName)+". Enabling maintenance mode will cause a live migration of all running instances on this host to any available host. An alert will be sent to the admin when this process has been completed.
") + .html("Please confirm you enable maintenance for host: "+fromdb(hostName)+". Enabling maintenance mode will cause a live migration of all running instances on this host to any available host. An alert will be sent to the admin when this process has been completed.
") .dialog('option', 'buttons', { "Confirm": function() { var dialogBox = $(this); @@ -305,7 +305,7 @@ function showHostsTab() { break; case "host_action_cancel_maint" : $("#dialog_confirmation") - .html("Please confirm you want to cancel maintenance for host: "+sanitizeXSS(hostName)+".
") + .html("Please confirm you want to cancel maintenance for host: "+fromdb(hostName)+".
") .dialog('option', 'buttons', { "Confirm": function() { var dialogBox = $(this); @@ -382,7 +382,7 @@ function showHostsTab() { break; case "host_action_reconnect" : $("#dialog_confirmation") - .html("Please confirm you want to force a reconnection for host: "+sanitizeXSS(hostName)+".
") + .html("Please confirm you want to force a reconnection for host: "+fromdb(hostName)+".
") .dialog('option', 'buttons', { "Confirm": function() { var dialogBox = $(this); @@ -459,7 +459,7 @@ function showHostsTab() { break; case "host_action_remove" : $("#dialog_confirmation") - .html("Please confirm you want to remove this host: "+sanitizeXSS(hostName)+" from the management server.
") + .html("Please confirm you want to remove this host: "+fromdb(hostName)+" from the management server.
") .dialog('option', 'buttons', { "Confirm": function() { $(this).dialog("close"); @@ -521,7 +521,7 @@ function showHostsTab() { } else { template.find("#row_container").addClass("row_odd"); } - template.data("hostId", json.id).data("hostName", sanitizeXSS(json.name)); + template.data("hostId", json.id).data("hostName", fromdb(json.name)); template.find("#routing_zone").text(json.zonename); template.find("#routing_pod").text(json.podname); diff --git a/ui/scripts/cloud.core.init.js b/ui/scripts/cloud.core.init.js index 4cedccdc7db..ba3eeb97685 100644 --- a/ui/scripts/cloud.core.init.js +++ b/ui/scripts/cloud.core.init.js @@ -353,7 +353,7 @@ $(document).ready(function() { var zoneSelect = $("#capacity_zone_select").empty(); if (zones != null && zones.length > 0) { for (var i = 0; i < zones.length; i++) { - zoneSelect.append(""); + zoneSelect.append(""); if(noPods) { $.ajax({ data: "command=listPods&zoneId="+zones[i].id+"&response=json", @@ -538,7 +538,7 @@ $(document).ready(function() { if (pods != null && pods.length > 0) { podSelect.append(""); for (var i = 0; i < pods.length; i++) { - podSelect.append(""); + podSelect.append(""); } } $("#capacity_pod_select").change(); @@ -559,7 +559,7 @@ $(document).ready(function() { for (var i = 0; i < length; i++) { var errorTemplate = $("#recent_error_template").clone(true); errorTemplate.find("#db_error_type").text(toAlertType(alerts[i].type)); - errorTemplate.find("#db_error_msg").append(sanitizeXSS(alerts[i].description)); + errorTemplate.find("#db_error_msg").append(fromdb(alerts[i].description)); setDateField(alerts[i].sent, errorTemplate.find("#db_error_date")); alertGrid.append(errorTemplate.show()); } 
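Review bot: In the @@ -559 hunk of cloud.core.init.js, `#db_error_msg` is filled with `.append(fromdb(alerts[i].description))`, and jQuery parses a string passed to `.append()` as HTML, so this line depends entirely on `sanitizeXSS` being complete. The event lists later in the same file (@@ -657, @@ -717) fill the same element through `.text(...)`, which needs no sanitiser. Using the text sink here as well, `errorTemplate.find("#db_error_msg").text(unescape(noNull(alerts[i].description)));`, removes that dependency. The host-alert variant in @@ -579 can do the same with its concatenated message. The enclosing callback starts and ends outside the hunk.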
@@ -579,7 +579,7 @@ $(document).ready(function() { for (var i = 0; i < length; i++) { var errorTemplate = $("#recent_error_template").clone(true); errorTemplate.find("#db_error_type").text("Host - Alert State"); - errorTemplate.find("#db_error_msg").append("Host - " + sanitizeXSS(alerts[i].name) + " has been detected in Alert state."); + errorTemplate.find("#db_error_msg").append("Host - " + fromdb(alerts[i].name) + " has been detected in Alert state."); setDateField(alerts[i].disconnected, errorTemplate.find("#db_error_date")); alertGrid.append(errorTemplate.show()); } @@ -657,7 +657,7 @@ $(document).ready(function() { for (var i = 0; i < length; i++) { var errorTemplate = $("#recent_error_template").clone(true); errorTemplate.find("#db_error_type").text(events[i].type); - errorTemplate.find("#db_error_msg").text(sanitizeXSS(events[i].description)); + errorTemplate.find("#db_error_msg").text(fromdb(events[i].description)); setDateField(events[i].created, errorTemplate.find("#db_error_date")); errorGrid.append(errorTemplate.show()); } @@ -717,7 +717,7 @@ $(document).ready(function() { for (var i = 0; i < length; i++) { var errorTemplate = $("#recent_error_template").clone(true); errorTemplate.find("#db_error_type").text(events[i].type); - errorTemplate.find("#db_error_msg").text(sanitizeXSS(events[i].description)); + errorTemplate.find("#db_error_msg").text(fromdb(events[i].description)); setDateField(events[i].created, errorTemplate.find("#db_error_date")); errorGrid.append(errorTemplate.show()); } diff --git a/ui/scripts/cloud.core.instances.js b/ui/scripts/cloud.core.instances.js index ed4d8082747..50e8ad42fa9 100644 --- a/ui/scripts/cloud.core.instances.js +++ b/ui/scripts/cloud.core.instances.js 
@@ -205,7 +205,7 @@ function showInstancesTab(p_domainId, p_account) { vmInstance.data("state", result.virtualmachine[0].state); if (result.virtualmachine[0].hostname != undefined) { - vmInstance.find("#vm_host").html("Host: " + sanitizeXSS(result.virtualmachine[0].hostname)); + vmInstance.find("#vm_host").html("Host: " + fromdb(result.virtualmachine[0].hostname)); } else { vmInstance.find("#vm_host").html("Host: "); } @@ -295,7 +295,7 @@ function showInstancesTab(p_domainId, p_account) { vmInstance.data("state", result.virtualmachine[0].state); if (result.virtualmachine[0].hostname != undefined) { - vmInstance.find("#vm_host").html("Host: " + sanitizeXSS(result.virtualmachine[0].hostname)); + vmInstance.find("#vm_host").html("Host: " + fromdb(result.virtualmachine[0].hostname)); } else { vmInstance.find("#vm_host").html("Host: "); } @@ -576,7 +576,7 @@ function showInstancesTab(p_domainId, p_account) { if (offerings != null && offerings.length > 0) { for (var i = 0; i < offerings.length; i++) { - var option = $("").data("name", unescape(offerings[i].name)); + var option = $("").data("name", fromdb(offerings[i].name)); offeringSelect.append(option); } } @@ -611,7 +611,7 @@ function showInstancesTab(p_domainId, p_account) { vmInstance.find(".row_loading").show(); vmInstance.find(".loadingmessage_container .loadingmessage_top p").html("Your virtual instance has been upgraded. Please restart your virtual instance for the new service offering to take effect."); vmInstance.find(".loadingmessage_container").fadeIn("slow"); - vmInstance.find("#vm_service").html("Service: " + sanitizeXSS(unescape(result.virtualmachine[0].serviceofferingname))); + vmInstance.find("#vm_service").html("Service: " + fromdb(result.virtualmachine[0].serviceofferingname)); if (result.virtualmachine[0].haenable =='true') { vmInstance.find("#vm_ha").html("HA: Enabled"); vmInstance.find("#vm_action_ha").text("Disable HA"); 
@@ -620,7 +620,7 @@ function showInstancesTab(p_domainId, p_account) { vmInstance.find("#vm_action_ha").text("Enable HA"); } } else if (result.jobstatus == 2) { // Failed - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); } } }, @@ -840,7 +840,7 @@ function showInstancesTab(p_domainId, p_account) { if (isos != null && isos.length > 0) { isoSelect.empty(); for (var i = 0; i < isos.length; i++) { - isoSelect.append("");; + isoSelect.append("");; } } } @@ -1089,15 +1089,15 @@ function showInstancesTab(p_domainId, p_account) { var vmName = getVmName(instanceJSON.name, instanceJSON.displayname); instanceTemplate.data("id", instanceJSON.id) - .data("systemName", sanitizeXSS(instanceJSON.name)) - .data("name", sanitizeXSS(vmName)) + .data("systemName", fromdb(instanceJSON.name)) + .data("name", fromdb(vmName)) .data("passwordEnabled", instanceJSON.passwordenabled) .data("domainId", instanceJSON.domainid) - .data("account", sanitizeXSS(instanceJSON.account)) - .data("zoneId", sanitizeXSS(instanceJSON.zoneid)) + .data("account", fromdb(instanceJSON.account)) + .data("zoneId", fromdb(instanceJSON.zoneid)) .data("state", instanceJSON.state) .data("ha", instanceJSON.haenable); - instanceTemplate.data("group", sanitizeXSS(instanceJSON.group)); + instanceTemplate.data("group", fromdb(instanceJSON.group)); if (instanceJSON.isoId != undefined && instanceJSON.isoid.length > 0) { instanceTemplate.data("isoId", instanceJSON.isoid); 
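Review bot: The guard `instanceJSON.isoId != undefined && instanceJSON.isoid.length > 0` at the end of the @@ -1089 hunk tests two differently cased properties. Every other field read from `instanceJSON` in this hunk is lower-case (`zoneid`, `domainid`, `haenable`), so `isoId` is probably always undefined and the `.data("isoId", ...)` assignment never runs. `if (instanceJSON.isoid != undefined && instanceJSON.isoid.length > 0) {` looks like the intended check. Separately, `zoneId` is passed through `fromdb` while `domainId` is stored as-is, so the two ids end up with different types and encodings in `.data()`.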
@@ -1105,11 +1105,11 @@ function showInstancesTab(p_domainId, p_account) { instanceTemplate.find("#vm_actions").data("id", instanceJSON.id); // Populate the template - instanceTemplate.find("#vm_name").html("Name: " + sanitizeXSS(vmName)); + instanceTemplate.find("#vm_name").html("Name: " + fromdb(vmName)); instanceTemplate.find("#vm_ip_address").html("IP Address: " + instanceJSON.ipaddress); - instanceTemplate.find("#vm_zone").html("Zone: " + sanitizeXSS(instanceJSON.zonename)); - instanceTemplate.find("#vm_template").html("Template: " + sanitizeXSS(instanceJSON.templatename)); - instanceTemplate.find("#vm_service").html("Service: " + sanitizeXSS(unescape(instanceJSON.serviceofferingname))); + instanceTemplate.find("#vm_zone").html("Zone: " + fromdb(instanceJSON.zonename)); + instanceTemplate.find("#vm_template").html("Template: " + fromdb(instanceJSON.templatename)); + instanceTemplate.find("#vm_service").html("Service: " + fromdb(instanceJSON.serviceofferingname)); if (instanceJSON.haenable =='true') { instanceTemplate.find("#vm_ha").html("HA: Enabled"); instanceTemplate.find("#vm_action_ha").text("Disable HA"); @@ -1120,11 +1120,11 @@ function showInstancesTab(p_domainId, p_account) { setDateField(instanceJSON.created, instanceTemplate.find("#vm_created"), "Created: "); - instanceTemplate.find("#vm_account").html("Account: " + sanitizeXSS(instanceJSON.account)); - instanceTemplate.find("#vm_domain").html("Domain: " + sanitizeXSS(instanceJSON.domain)); + instanceTemplate.find("#vm_account").html("Account: " + fromdb(instanceJSON.account)); + instanceTemplate.find("#vm_domain").html("Domain: " + fromdb(instanceJSON.domain)); if (isAdmin()) { if (instanceJSON.hostname != undefined) { - instanceTemplate.find("#vm_host").html("Host: " + sanitizeXSS(instanceJSON.hostname)); + instanceTemplate.find("#vm_host").html("Host: " + fromdb(instanceJSON.hostname)); } else { instanceTemplate.find("#vm_host").html("Host: "); } 
@@ -1240,7 +1240,7 @@ function showInstancesTab(p_domainId, p_account) { var zoneSelect = vmPopup.find("#wizard_zone").empty(); if (zones != null && zones.length > 0) { for (var i = 0; i < zones.length; i++) { - zoneSelect.append(""); + zoneSelect.append(""); } } listTemplatesInVmPopup(); @@ -1256,7 +1256,7 @@ function showInstancesTab(p_domainId, p_account) { if (items != null && items.length > 0) { for (var i = 0; i < items.length; i++) { if(items[i].name != "default") - networkGroupSelect.append(""); + networkGroupSelect.append(""); } } } @@ -1275,7 +1275,7 @@ function showInstancesTab(p_domainId, p_account) { for (var i = 0; i < offerings.length; i++) { var checked = "checked"; if (first == false) checked = ""; - var listItem = $(""); + var listItem = $(""); $("#wizard_service_offering").append(listItem); first = false; } @@ -1304,14 +1304,14 @@ function showInstancesTab(p_domainId, p_account) { var html = "" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); } } }, diff --git a/ui/scripts/cloud.core.js b/ui/scripts/cloud.core.js index fe2a4121299..41c6b6d9ed3 100644 --- a/ui/scripts/cloud.core.js +++ b/ui/scripts/cloud.core.js @@ -82,6 +82,14 @@ function isDomainAdmin() { return (g_role == 2); } +function fromdb(val) { + return sanitizeXSS(unescape(noNull(val))); +} + +function todb(val) { + return encodeURIComponent(escape(val)); +} + function setDateField(dateValue, dateField, htmlMarkup) { if (dateValue != null && dateValue.length > 0) { var disconnected = new Date(); @@ -467,6 +475,13 @@ function trim(val) { return val.replace(/^\s*/, "").replace(/\s*$/, ""); } +function noNull(val) { + if(val == null) + return ""; + else + return val; +} + // Prevent cross-site-script(XSS) attack. // used right before adding user input to the DOM tree. e.g. DOM_element.html(sanitizeXSS(user_input)); function sanitizeXSS(val) { diff --git a/ui/scripts/cloud.core.network.js b/ui/scripts/cloud.core.network.js index 4ee686fffff..36fdceb2248 100644 --- a/ui/scripts/cloud.core.network.js +++ b/ui/scripts/cloud.core.network.js @@ -36,7 +36,7 @@ function showNetworkingTab(p_domainId, p_account) { var zoneSelect = $("#dialog_acquire_public_ip #acquire_zone").empty(); if (zones != null && zones.length > 0) { for (var i = 0; i < zones.length; i++) { - zoneSelect.append(""); + zoneSelect.append(""); } } } @@ -221,7 +221,7 @@ function showNetworkingTab(p_domainId, p_account) { var domains = json.listdomainsresponse.domain; if (domains != null && domains.length > 0) { for (var i = 0; i < domains.length; i++) { - domainSelect.append(""); + domainSelect.append(""); } } } @@ -517,7 +517,7 @@ function showNetworkingTab(p_domainId, p_account) { } else if (result.jobstatus == 2) { //Fail loadingImg.hide(); rowContainer.show(); - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
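Review bot: `todb` in cloud.core.js does not guard against null the way `fromdb` does, so `todb(null)` sends the literal string `null` to the server (and `undefined` likewise); `return encodeURIComponent(escape(noNull(val)));` would match `fromdb`. Both helpers also lack a comment stating their contract, for example `// fromdb: decode a value stored via todb() and sanitise it for an HTML sink (.html/.append)` and `// todb: escape a user-entered value for storage, then URL-encode it for the request`. Because `fromdb` is now applied to server-generated text such as `result.jobresult`, any literal `%xx` sequence in those messages will be decoded, which is worth confirming is intended. `escape`/`unescape` are deprecated and encode non-ASCII characters as `%uXXXX`, so any other consumer of the stored values will see that form unless it decodes the same way.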
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); } } }, @@ -784,7 +784,7 @@ function showNetworkingTab(p_domainId, p_account) { } else if (result.jobstatus == 2) { //Fail loadingContainer.hide(); rowContainer.show(); - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); } } }, @@ -845,7 +845,7 @@ function showNetworkingTab(p_domainId, p_account) { loading.hide(); rowContainer.show(); } else if (result.jobstatus == 2) { // Failed - $("#dialog_error").html("Operation error:
"+ sanitizeXSS(result.jobresult)+"
").dialog("open"); + $("#dialog_error").html("Operation error:
"+ fromdb(result.jobresult)+"
").dialog("open"); loading.hide(); rowContainer.show(); } @@ -1148,7 +1148,7 @@ function showNetworkingTab(p_domainId, p_account) { //*** Network Group (begin) ********************************************************************** function networkGroupJSONToTemplate(json, template) { (index++ % 2 == 0)? template.addClass("smallrow_even"): template.addClass("smallrow_odd"); - template.attr("id", "networkGroup_"+json.id).data("networkGroupId", json.id).data("domainId", json.domainid).data("account",json.account).data("networkGroupName", sanitizeXSS(json.name)); + template.attr("id", "networkGroup_"+json.id).data("networkGroupId", json.id).data("domainId", json.domainid).data("account",json.account).data("networkGroupName", fromdb(json.name)); template.find("#id").text(json.id); template.find("#name").text(json.name); template.find("#description").text(json.description); @@ -1597,7 +1597,7 @@ function showNetworkingTab(p_domainId, p_account) { }); }); } else if (result.jobstatus == 2) { - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); loadingImg.hide(); rowContainer.show(); } diff --git a/ui/scripts/cloud.core.storage.js b/ui/scripts/cloud.core.storage.js index c6c85f23bea..d7e4aa888a8 100644 --- a/ui/scripts/cloud.core.storage.js +++ b/ui/scripts/cloud.core.storage.js @@ -35,10 +35,10 @@ function showStorageTab(domainId, targetTab) { if (zones != null && zones.length > 0) { for (var i = 0; i < zones.length; i++) { if(isAdmin) { - poolZoneSelect.append(""); - hostZoneSelect.append(""); + poolZoneSelect.append(""); + hostZoneSelect.append(""); } - volumeZoneSelect.append(""); + volumeZoneSelect.append(""); } } if (isAdmin) { @@ -58,7 +58,7 @@ function showStorageTab(domainId, targetTab) { if (offerings != null && offerings.length > 0) { if (offerings != null && offerings.length > 0) { for (var i = 0; i < offerings.length; i++) - volumeDiskOfferingSelect.append(""); + volumeDiskOfferingSelect.append(""); } } } @@ -177,7 +177,7 @@ function showStorageTab(domainId, targetTab) { }); } else if (result.jobstatus == 2) { - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); template.slideUp("slow", function() { $(this).remove(); }); @@ -252,8 +252,8 @@ function showStorageTab(domainId, targetTab) { template.data("vmname", getVmName(json.vmname, json.vmdisplayname)); template.data("vmstate", json.vmstate); template.data("domainId", json.domainid); - template.data("account", sanitizeXSS(json.account)); - template.data("volumeName", sanitizeXSS(json.name)); + template.data("account", fromdb(json.account)); + template.data("volumeName", fromdb(json.name)); template.data("vmid", json.virtualmachineid); template.data("zoneId", json.zoneid); @@ -449,7 +449,7 @@ function showStorageTab(domainId, targetTab) { } else if (result.jobstatus == 2) { loadingImg.hide(); rowContainer.show(); - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); } } }, @@ -509,7 +509,7 @@ function showStorageTab(domainId, targetTab) { } else if (result.jobstatus == 2) { loadingImg.hide(); rowContainer.show(); - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); } } }, @@ -576,7 +576,7 @@ function showStorageTab(domainId, targetTab) { } else if (result.jobstatus == 2) { loadingImg.hide(); rowContainer.show(); - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); } } }, @@ -1052,7 +1052,7 @@ function showStorageTab(domainId, targetTab) { // Failed loadingImg.hide(); rowContainer.show(); - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); } } }, @@ -1132,7 +1132,7 @@ function showStorageTab(domainId, targetTab) { // Failed loadingImg.hide(); rowContainer.show(); - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); } } }, @@ -1209,7 +1209,7 @@ function showStorageTab(domainId, targetTab) { if (result.jobstatus == 1) { $("#dialog_info").html("" + ((isPublic=="true")? "Public":"Private") + " template: " + name + " has been successfully created
").dialog("open"); } else if (result.jobstatus == 2) { - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); } } }, @@ -1275,7 +1275,7 @@ function showStorageTab(domainId, targetTab) { } else if (result.jobstatus == 2) { loadingImg.hide(); rowContainer.show(); - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); } } }, @@ -1508,7 +1508,7 @@ function showStorageTab(domainId, targetTab) { rowContainer.show(); }); } else if (result.jobstatus == 2) { - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); template.slideUp("slow", function() { $(this).remove(); }); @@ -1577,7 +1577,7 @@ function showStorageTab(domainId, targetTab) { } else if (result.jobstatus == 2) { loadingImg.hide(); rowContainer.show(); - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); } } }, @@ -1643,7 +1643,7 @@ function showStorageTab(domainId, targetTab) { } else if (result.jobstatus == 2) { loadingImg.hide(); rowContainer.show(); - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); } } }, @@ -1717,7 +1717,7 @@ function showStorageTab(domainId, targetTab) { template.find("#row_container").addClass("smallrow_odd"); } - template.data("id", json.id).data("name", sanitizeXSS(json.name)); + template.data("id", json.id).data("name", fromdb(json.name)); template.find("#pool_id").text(json.id); template.find("#pool_name").text(json.name); template.find("#pool_zone").text(json.zonename); @@ -1790,7 +1790,7 @@ function showStorageTab(domainId, targetTab) { var podSelect = $("#dialog_add_pool").find("#pool_pod").empty(); if (pods != null && pods.length > 0) { for (var i = 0; i < pods.length; i++) { - podSelect.append(""); + podSelect.append(""); } } $("#dialog_add_pool").find("#pool_pod").change(); @@ -2094,7 +2094,7 @@ function showStorageTab(domainId, targetTab) { } else { template.find("#row_container").addClass("smallrow_odd"); } - template.data("hostName", sanitizeXSS(json.name)); + template.data("hostName", fromdb(json.name)); template.find("#storage_type").text(json.type); template.find("#storage_name").text(json.name); template.find("#storage_zone").text(json.zonename); diff --git a/ui/scripts/cloud.core.templates.js b/ui/scripts/cloud.core.templates.js index ba0b9aa6015..89b2123e393 100644 --- a/ui/scripts/cloud.core.templates.js +++ b/ui/scripts/cloud.core.templates.js @@ -73,8 +73,8 @@ function showTemplatesTab() { var zones = json.listzonesresponse.zone; if (zones != null && zones.length > 0) { for (var i = 0; i < zones.length; i++) { - addTemplateZoneField.append(""); - addIsoZoneField.append(""); + addTemplateZoneField.append(""); + addIsoZoneField.append(""); g_zoneIds.push(zones[i].id); g_zoneNames.push(zones[i].name); } @@ -87,7 +87,7 @@ function showTemplatesTab() { if (g_zoneIds != null && g_zoneIds.length > 0) { for (var i = 0; i < g_zoneIds.length; i++) { if(g_zoneIds[i] != excludeZoneId) - zoneField.append(""); + zoneField.append(""); } } } 
@@ -118,8 +118,8 @@ function showTemplatesTab() { var templateServiceOfferingField = $("#dialog_create_vm_from_template #service_offering").empty(); var isoServiceOfferingField = $("#dialog_create_vm_from_iso #service_offering").empty(); for(var i = 0; i < items.length; i++) { - templateServiceOfferingField.append(""); - isoServiceOfferingField.append(""); + templateServiceOfferingField.append(""); + isoServiceOfferingField.append(""); } } } @@ -137,8 +137,8 @@ function showTemplatesTab() { var isoDiskOfferingField = $("#dialog_create_vm_from_iso #disk_offering").empty(); for(var i = 0; i < items.length; i++) { - templateDiskOfferingField.append(""); - isoDiskOfferingField.append(""); + templateDiskOfferingField.append(""); + isoDiskOfferingField.append(""); } } @@ -234,9 +234,9 @@ function showTemplatesTab() { (index++ % 2 == 0)? template.addClass("dbsmallrow_odd"):template.addClass("dbsmallrow_even"); template.attr("id", "template"+json.id+"_zone"+json.zoneid); template.data("templateId", json.id); - template.data("zoneId",sanitizeXSS(json.zoneid)); - template.data("zoneName",sanitizeXSS(json.zonename)); - template.data("name", sanitizeXSS(json.name)); + template.data("zoneId",fromdb(json.zoneid)); + template.data("zoneName",fromdb(json.zonename)); + template.data("name", fromdb(json.name)); template.data("isPublic", json.ispublic); template.data("isFeatured", json.isfeatured); template.data("passwordEnabled", json.passwordenabled); @@ -420,7 +420,7 @@ function showTemplatesTab() { that.slideUp("slow", function() { $(this).remove() }); changeGridRowsTotal($("#submenu_content_template").find("#grid_rows_total"), -1); } else if (result.jobstatus == 2) { - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); loadingImg.hide(); rowContainer.show(); } @@ -497,13 +497,13 @@ function showTemplatesTab() { } else { $("body").stopTime(timerKey); if (result.jobstatus == 1) { - $("#dialog_info").html("Template download started (ID: "+result.copytemplateresponse[0].id+", Zone: "+sanitizeXSS(result.copytemplateresponse[0].zonename)+", Name: "+sanitizeXSS(result.copytemplateresponse[0].name)+") . Check the progress...
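Review bot: In the `jobstatus == 2` branch of the `-420` hunk, `result.jobresult` is concatenated into `$("#dialog_alert").html(...)`, so this sink is only as safe as `fromdb`, whose definition is not part of the visible diff. If `fromdb` does not HTML-escape its return value, or decodes the string before returning it, a server-supplied error message is parsed as markup in the viewer's session. A text sink removes that dependency for a plain message: `$("#dialog_alert").text(result.jobresult).dialog("open");`. The wrapper markup is stripped on this page; if a wrapper is needed, create the element and set its `.text()`. The same applies to the `#dialog_alert` and `#dialog_info` calls in the later hunks of this file (`-497`, `-610`, `-928`, `-1009`); the enclosing callback starts and ends outside the hunk.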
").dialog("open"); + $("#dialog_info").html("Template download started (ID: "+result.copytemplateresponse[0].id+", Zone: "+fromdb(result.copytemplateresponse[0].zonename)+", Name: "+fromdb(result.copytemplateresponse[0].name)+") . Check the progress...
").dialog("open"); loadingImg.hide(); rowContainer.show(); $("#template_type").val("self"); $("#template_type").change(); } else if (result.jobstatus == 2) { - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); loadingImg.hide(); rowContainer.show(); } @@ -610,15 +610,15 @@ function showTemplatesTab() { // Succeeded var htmlMsg; if (result.virtualmachine[0].passwordenabled == 'true') - htmlMsg = "Your instance from " + sanitizeXSS(name) + " has been successfully created. Your new password is : " + result.virtualmachine[0].password + " . Please change it as soon as you log into your new instance"; + htmlMsg = "Your instance from " + fromdb(name) + " has been successfully created. Your new password is : " + result.virtualmachine[0].password + " . Please change it as soon as you log into your new instance"; else - htmlMsg = "Your instance from " + sanitizeXSS(name) + " has been successfully created."; + htmlMsg = "Your instance from " + fromdb(name) + " has been successfully created."; $("#dialog_info").html(htmlMsg).dialog("open"); loadingImg.hide(); rowContainer.show(); } else if (result.jobstatus == 2) { // Failed - $("#dialog_info").html("Unable to create your new instance from " + sanitizeXSS(name) + " due to the error: " + sanitizeXSS(result.jobresult)).dialog("open"); + $("#dialog_info").html("Unable to create your new instance from " + fromdb(name) + " due to the error: " + fromdb(result.jobresult)).dialog("open"); loadingImg.hide(); rowContainer.show(); } @@ -804,9 +804,9 @@ function showTemplatesTab() { } template.data("isoId", json.id); - template.data("zoneId",sanitizeXSS(json.zoneid)); - template.data("zoneName",sanitizeXSS(json.zonename)); - template.data("name", sanitizeXSS(json.name)); + template.data("zoneId",fromdb(json.zoneid)); + template.data("zoneName",fromdb(json.zonename)); + template.data("name", fromdb(json.name)); template.data("isPublic", json.ispublic); template.find("#iso_id").text(json.id); 
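Review bot: In the `-610` hunk, `result.virtualmachine[0].password` is the one interpolated value in `htmlMsg` that passes through no encoder before `$("#dialog_info").html(htmlMsg)`. A password containing markup characters such as angle brackets or an ampersand would be parsed as HTML rather than shown as text, so the user could see a wrong password. If `fromdb` only escapes and does not otherwise alter the string (its definition is not in this diff), apply it here as for `name`: `" Your new password is : " + fromdb(result.virtualmachine[0].password) + " . Please change it..."`. Otherwise write the password into its own element with `.text()`. The enclosing function continues outside the hunk.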
@@ -928,7 +928,7 @@ function showTemplatesTab() { that.slideUp("slow", function() { $(this).remove() }); changeGridRowsTotal($("#submenu_content_iso").find("#grid_rows_total"), -1); } else if (result.jobstatus == 2) { - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); loadingImg.hide(); rowContainer.show(); } @@ -1009,13 +1009,13 @@ function showTemplatesTab() { } else { $("body").stopTime(timerKey); if (result.jobstatus == 1) { - $("#dialog_info").html("ISO download started (ID: "+result.copytemplateresponse[0].id+", Zone: "+sanitizeXSS(result.copytemplateresponse[0].zonename)+", Name: "+sanitizeXSS(result.copytemplateresponse[0].name)+") . Check the progress...
").dialog("open"); + $("#dialog_info").html("ISO download started (ID: "+result.copytemplateresponse[0].id+", Zone: "+fromdb(result.copytemplateresponse[0].zonename)+", Name: "+fromdb(result.copytemplateresponse[0].name)+") . Check the progress...
").dialog("open"); loadingImg.hide(); rowContainer.show(); currentPage=1; //refresh the whole ISO grid until Keshav changes copyIso to return the newly created ISO. listIsos(); } else if (result.jobstatus == 2) { - $("#dialog_alert").html("" + sanitizeXSS(result.jobresult) + "
").dialog("open"); + $("#dialog_alert").html("" + fromdb(result.jobresult) + "
").dialog("open"); loadingImg.hide(); rowContainer.show(); }