Mercurial > p > roundup > code
view share/roundup/templates/devel/html/query.js @ 8062:28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
Directions for fixing:
* `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are
vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing
tracker homes.
* `CVE-2024-39125`_ - :ref:`if Referer header is set to a script
tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0,
directions available for fixing in prior versions.
* `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from
an issue can contain embedded JavaScript which is
executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions
available for fixing in prior versions.
prior to 2.4.0 release this weekend that fixes the last two CVE's.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 09 Jul 2024 09:07:09 -0400 |
| parents | 04264349c483 |
| children |
line wrap: on
line source
var action; function display(data) { var list = $("div.list"); list.empty(); list.append(data); } // Run a query with a specific starting point and size function query_start(start, size) { var inputs = $(":input"); var data = {} if (start > 0) data['@startwith'] = start if (size > -1) data['@pagesize'] = size for (var i = 0; i < inputs.length; i++) data[inputs[i].name] = inputs[i].value; jQuery.get(action, data, display); return false; } // Run a query, starting at the first element function query() { return query_start(0, -1) } // Deactivate the form's submit action, and instead // invoke the action as part of (inline) query. function replace_submit() { var form = $("form"); action = form.attr("action"); form.attr("action",""); // reset form.submit(query); } $(document).ready(replace_submit);