
Commit f620fbd

committed
Fix #905 Potential XSS on template generation
1 parent 5a94400 commit f620fbd


6 files changed

+15
-15
lines changed


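--- a/src/core.js
+++ b/src/core.js
@@ -345,7 +345,7 @@ QueryBuilder.prototype.setRoot = function(addRule, data, flags) {
 addRule = (addRule === undefined || addRule === true);
 
 var group_id = this.nextGroupId();
-var $group = $(this.getGroupTemplate(group_id, 1));
+var $group = $($.parseHTML(this.getGroupTemplate(group_id, 1)));
 
 this.$el.append($group);
 this.model.root = new Group(null, $group);
@@ -535,7 +535,7 @@ QueryBuilder.prototype.addRule = function(parent, data, flags) {
 }
 
 var rule_id = this.nextRuleId();
-var $rule = $(this.getRuleTemplate(rule_id));
+var $rule = $($.parseHTML(this.getRuleTemplate(rule_id)));
 var model = parent.addRule($rule);
 
 model.data = data;
@@ -625,7 +625,7 @@ QueryBuilder.prototype.createRuleFilters = function(rule) {
 * @returns {QueryBuilder.Filter[]}
 */
 var filters = this.change('getRuleFilters', this.filters, rule);
-var $filterSelect = $(this.getRuleFilterSelect(rule, filters));
+var $filterSelect = $($.parseHTML(this.getRuleFilterSelect(rule, filters)));
 
 rule.$el.find(QueryBuilder.selectors.filter_container).html($filterSelect);
 
@@ -654,7 +654,7 @@ QueryBuilder.prototype.createRuleOperators = function(rule) {
 }
 
 var operators = this.getOperators(rule.filter);
-var $operatorSelect = $(this.getRuleOperatorSelect(rule, operators));
+var $operatorSelect = $($.parseHTML(this.getRuleOperatorSelect(rule, operators)));
 
 $operatorContainer.html($operatorSelect);
 
@@ -700,7 +700,7 @@ QueryBuilder.prototype.createRuleInput = function(rule) {
 var filter = rule.filter;
 
 for (var i = 0; i < rule.operator.nb_inputs; i++) {
-var $ruleInput = $(this.getRuleInput(rule, i));
+var $ruleInput = $($.parseHTML(this.getRuleInput(rule, i)));
 if (i > 0) $valueContainer.append(this.settings.inputs_separator);
 $valueContainer.append($ruleInput);
 $inputs = $inputs.add($ruleInput);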
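Review bot: The `$.parseHTML` wrapping in setRoot (and the same change in addRule, createRuleFilters, createRuleOperators and createRuleInput below) drops `<script>` elements because `keepScripts` is omitted, but it is not a sanitizer: event-handler attributes and `javascript:` URLs in the parsed markup survive and run once `this.$el.append($group)` attaches the fragment. If the template helpers interpolate filter labels, operator labels or values that the integrating page does not fully control, those still need HTML-escaping where the template is rendered; I would record that at the first call site with `// $.parseHTML (keepScripts=false) strips <script> only; values interpolated into the template must already be HTML-escaped`. Note also that `$(string)` trims surrounding whitespace before parsing while `$.parseHTML` does not, so a template string that starts with a newline would leave a text node as `$group[0]` and break element-only accessors such as `.attr('id')`; trimming the template string before parsing avoids that. The enclosing functions start and end outside the hunk.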

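--- a/src/plugins/bt-tooltip-errors/plugin.js
+++ b/src/plugins/bt-tooltip-errors/plugin.js
@@ -15,7 +15,7 @@ QueryBuilder.define('bt-tooltip-errors', function(options) {
 
 // add BT Tooltip data
 this.on('getRuleTemplate.filter getGroupTemplate.filter', function(h) {
-var $h = $(h.value);
+var $h = $($.parseHTML(h.value));
 $h.find(QueryBuilder.selectors.error_container).attr('data-toggle', 'tooltip');
 h.value = $h.prop('outerHTML');
 });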
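Review bot: `h.value = $h.prop('outerHTML')` two lines below the change reads only the first node of `$h`, and `$.parseHTML` keeps a leading whitespace text node that `$(h.value)` used to trim away, so a template value that starts with a newline would set `h.value` to undefined and blank the template. Trimming before parsing keeps the round trip intact: `var $h = $($.parseHTML(h.value.trim()));`. The invert, not-group and sortable plugin hooks below perform the same `outerHTML` round trip and would need the same adjustment. The enclosing `define` callback starts and ends outside the hunk.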

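--- a/src/plugins/filter-description/plugin.js
+++ b/src/plugins/filter-description/plugin.js
@@ -19,7 +19,7 @@ QueryBuilder.define('filter-description', function(options) {
 }
 else {
 if ($p.length === 0) {
-$p = $('<p class="filter-description"></p>');
+$p = $($.parseHTML('<p class="filter-description"></p>'));
 $p.appendTo(rule.$el);
 }
 else {
@@ -49,7 +49,7 @@ QueryBuilder.define('filter-description', function(options) {
 }
 else {
 if ($b.length === 0) {
-$b = $('<button type="button" class="btn btn-xs btn-info filter-description" data-toggle="popover"><i class="' + options.icon + '"></i></button>');
+$b = $($.parseHTML('<button type="button" class="btn btn-xs btn-info filter-description" data-toggle="popover"><i class="' + options.icon + '"></i></button>'));
 $b.prependTo(rule.$el.find(QueryBuilder.selectors.rule_actions));
 
 $b.popover({
@@ -89,7 +89,7 @@ QueryBuilder.define('filter-description', function(options) {
 }
 else {
 if ($b.length === 0) {
-$b = $('<button type="button" class="btn btn-xs btn-info filter-description" data-toggle="bootbox"><i class="' + options.icon + '"></i></button>');
+$b = $($.parseHTML('<button type="button" class="btn btn-xs btn-info filter-description" data-toggle="bootbox"><i class="' + options.icon + '"></i></button>'));
 $b.prependTo(rule.$el.find(QueryBuilder.selectors.rule_actions));
 
 $b.on('click', function() {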
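Review bot: `options.icon` is still concatenated straight into the markup on both `$b = $($.parseHTML('<button ...' + options.icon + ...))` lines, and `$.parseHTML` only removes `<script>` elements, so a value that closes the `class` attribute is parsed as markup; the exposure is limited because `icon` is a plugin option set by the integrating page rather than end-user input, but building the element instead of a string removes the concern entirely, e.g. `$b = $('<button type="button" class="btn btn-xs btn-info filter-description" data-toggle="popover"></button>').append($('<i>').addClass(options.icon));`. The invert, not-group and sortable plugins concatenate `options.icon` the same way into strings handed to `.after`/`.prepend`, which this commit does not touch. As a point of style, wrapping the constant literal `'<p class="filter-description"></p>'` in the first hunk (and sortable's `.rule-placeholder` div) in `$.parseHTML` changes nothing over the previous form; if it stays, a one-line comment such as `// route every markup entry point through $.parseHTML for consistency` would tell the next reader it is deliberate. The enclosing `define` callback starts and ends outside the hunk.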

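--- a/src/plugins/invert/plugin.js
+++ b/src/plugins/invert/plugin.js
@@ -31,7 +31,7 @@ QueryBuilder.define('invert', function(options) {
 // Modify templates
 if (!options.disable_template) {
 this.on('getGroupTemplate.filter', function(h) {
-var $h = $(h.value);
+var $h = $($.parseHTML(h.value));
 $h.find(Selectors.condition_container).after(
 '<button type="button" class="btn btn-xs btn-default" data-invert="group">' +
 '<i class="' + options.icon + '"></i> ' + self.translate('invert') +
@@ -42,7 +42,7 @@ QueryBuilder.define('invert', function(options) {
 
 if (options.display_rules_button && options.invert_rules) {
 this.on('getRuleTemplate.filter', function(h) {
-var $h = $(h.value);
+var $h = $($.parseHTML(h.value));
 $h.find(Selectors.rule_actions).prepend(
 '<button type="button" class="btn btn-xs btn-default" data-invert="rule">' +
 '<i class="' + options.icon + '"></i> ' + self.translate('invert') +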

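--- a/src/plugins/not-group/plugin.js
+++ b/src/plugins/not-group/plugin.js
@@ -32,7 +32,7 @@ QueryBuilder.define('not-group', function(options) {
 // Modify templates
 if (!options.disable_template) {
 this.on('getGroupTemplate.filter', function(h) {
-var $h = $(h.value);
+var $h = $($.parseHTML(h.value));
 $h.find(QueryBuilder.selectors.condition_container).prepend(
 '<button type="button" class="btn btn-xs btn-default" data-not="group">' +
 '<i class="' + options.icon_unchecked + '"></i> ' + self.translate('NOT') +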

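--- a/src/plugins/sortable/plugin.js
+++ b/src/plugins/sortable/plugin.js
@@ -63,7 +63,7 @@ QueryBuilder.define('sortable', function(options) {
 .addClass('dragging');
 
 // create drop placeholder
-var ph = $('<div class="rule-placeholder">&nbsp;</div>')
+var ph = $($.parseHTML('<div class="rule-placeholder">&nbsp;</div>'))
 .height(src.$el.outerHeight());
 
 placeholder = src.parent.addRule(ph, src.getPos());
@@ -162,14 +162,14 @@ QueryBuilder.define('sortable', function(options) {
 if (!options.disable_template) {
 this.on('getGroupTemplate.filter', function(h, level) {
 if (level > 1) {
-var $h = $(h.value);
+var $h = $($.parseHTML(h.value));
 $h.find(QueryBuilder.selectors.condition_container).after('<div class="drag-handle"><i class="' + options.icon + '"></i></div>');
 h.value = $h.prop('outerHTML');
 }
 });
 
 this.on('getRuleTemplate.filter', function(h) {
-var $h = $(h.value);
+var $h = $($.parseHTML(h.value));
 $h.find(QueryBuilder.selectors.rule_header).after('<div class="drag-handle"><i class="' + options.icon + '"></i></div>');
 h.value = $h.prop('outerHTML');
 });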
