MDL-45471 javascript: Escape content of exception dialogs

diff --git a/lib/yui/build/moodle-core-notification-ajaxexception/moodle-core-notification-ajaxexception-debug.js b/lib/yui/build/moodle-core-notification-ajaxexception/moodle-core-notification-ajaxexception-debug.js
index cc265b3..9c79b77 100644 (file)
Binary files a/lib/yui/build/moodle-core-notification-ajaxexception/moodle-core-notification-ajaxexception-debug.js and b/lib/yui/build/moodle-core-notification-ajaxexception/moodle-core-notification-ajaxexception-debug.js differ

diff --git a/lib/yui/build/moodle-core-notification-ajaxexception/moodle-core-notification-ajaxexception-min.js b/lib/yui/build/moodle-core-notification-ajaxexception/moodle-core-notification-ajaxexception-min.js
index dbe7855..22a7bcc 100644 (file)
Binary files a/lib/yui/build/moodle-core-notification-ajaxexception/moodle-core-notification-ajaxexception-min.js and b/lib/yui/build/moodle-core-notification-ajaxexception/moodle-core-notification-ajaxexception-min.js differ

diff --git a/lib/yui/build/moodle-core-notification-ajaxexception/moodle-core-notification-ajaxexception.js b/lib/yui/build/moodle-core-notification-ajaxexception/moodle-core-notification-ajaxexception.js
index cc265b3..9c79b77 100644 (file)
Binary files a/lib/yui/build/moodle-core-notification-ajaxexception/moodle-core-notification-ajaxexception.js and b/lib/yui/build/moodle-core-notification-ajaxexception/moodle-core-notification-ajaxexception.js differ

diff --git a/lib/yui/build/moodle-core-notification-dialogue/moodle-core-notification-dialogue-debug.js b/lib/yui/build/moodle-core-notification-dialogue/moodle-core-notification-dialogue-debug.js
index c8da6ee..44d860f 100644 (file)
Binary files a/lib/yui/build/moodle-core-notification-dialogue/moodle-core-notification-dialogue-debug.js and b/lib/yui/build/moodle-core-notification-dialogue/moodle-core-notification-dialogue-debug.js differ

diff --git a/lib/yui/build/moodle-core-notification-dialogue/moodle-core-notification-dialogue-min.js b/lib/yui/build/moodle-core-notification-dialogue/moodle-core-notification-dialogue-min.js
index 65762d5..171c5bc 100644 (file)
Binary files a/lib/yui/build/moodle-core-notification-dialogue/moodle-core-notification-dialogue-min.js and b/lib/yui/build/moodle-core-notification-dialogue/moodle-core-notification-dialogue-min.js differ

diff --git a/lib/yui/build/moodle-core-notification-dialogue/moodle-core-notification-dialogue.js b/lib/yui/build/moodle-core-notification-dialogue/moodle-core-notification-dialogue.js
index 8387c3f..ea69475 100644 (file)
Binary files a/lib/yui/build/moodle-core-notification-dialogue/moodle-core-notification-dialogue.js and b/lib/yui/build/moodle-core-notification-dialogue/moodle-core-notification-dialogue.js differ

diff --git a/lib/yui/build/moodle-core-notification-exception/moodle-core-notification-exception-debug.js b/lib/yui/build/moodle-core-notification-exception/moodle-core-notification-exception-debug.js
index 968109c..3f813af 100644 (file)
Binary files a/lib/yui/build/moodle-core-notification-exception/moodle-core-notification-exception-debug.js and b/lib/yui/build/moodle-core-notification-exception/moodle-core-notification-exception-debug.js differ

diff --git a/lib/yui/build/moodle-core-notification-exception/moodle-core-notification-exception-min.js b/lib/yui/build/moodle-core-notification-exception/moodle-core-notification-exception-min.js
index 2007b8f..4fb70e3 100644 (file)
Binary files a/lib/yui/build/moodle-core-notification-exception/moodle-core-notification-exception-min.js and b/lib/yui/build/moodle-core-notification-exception/moodle-core-notification-exception-min.js differ

diff --git a/lib/yui/build/moodle-core-notification-exception/moodle-core-notification-exception.js b/lib/yui/build/moodle-core-notification-exception/moodle-core-notification-exception.js
index 968109c..3f813af 100644 (file)
Binary files a/lib/yui/build/moodle-core-notification-exception/moodle-core-notification-exception.js and b/lib/yui/build/moodle-core-notification-exception/moodle-core-notification-exception.js differ

diff --git a/lib/yui/src/notification/js/ajaxexception.js b/lib/yui/src/notification/js/ajaxexception.js
index 74eb5dc..a28774a 100644 (file)
--- a/lib/yui/src/notification/js/ajaxexception.js
+++ b/lib/yui/src/notification/js/ajaxexception.js
@@ -30,15 +30,16 @@ Y.extend(AJAXEXCEPTION, M.core.notification.info, {
             delay = this.get('hideTimeoutDelay');
         this.get(BASE).addClass('moodle-dialogue-exception');
         this.setStdModContent(Y.WidgetStdMod.HEADER,
-                '<h1 id="moodle-dialogue-'+this.get('COUNT')+'-header-text">' + config.name + '</h1>', Y.WidgetStdMod.REPLACE);
+                '<h1 id="moodle-dialogue-'+this.get('COUNT')+'-header-text">' + Y.Escape.html(config.name) + '</h1>',
+                Y.WidgetStdMod.REPLACE);
         content = Y.Node.create('<div class="moodle-ajaxexception"></div>')
-                .append(Y.Node.create('<div class="moodle-exception-message">'+this.get('error')+'</div>'))
+                .append(Y.Node.create('<div class="moodle-exception-message">'+Y.Escape.html(this.get('error'))+'</div>'))
                 .append(Y.Node.create('<div class="moodle-exception-param hidden param-debuginfo"><label>URL:</label> ' +
                         this.get('reproductionlink')+'</div>'))
                 .append(Y.Node.create('<div class="moodle-exception-param hidden param-debuginfo"><label>Debug info:</label> ' +
-                        this.get('debuginfo')+'</div>'))
+                        Y.Escape.html(this.get('debuginfo'))+'</div>'))
                 .append(Y.Node.create('<div class="moodle-exception-param hidden param-stacktrace"><label>Stack trace:</label> <pre>' +
-                        this.get('stacktrace')+'</pre></div>'));
+                        Y.Escape.html(this.get('stacktrace'))+'</pre></div>'));
         if (M.cfg.developerdebug) {
             content.all('.moodle-exception-param').removeClass('hidden');
         }
@@ -111,6 +112,7 @@ Y.extend(AJAXEXCEPTION, M.core.notification.info, {
         reproductionlink : {
             setter : function(link) {
                 if (link !== null) {
+                    link = Y.Escape.html(link);
                     link = '<a href="'+link+'">'+link.replace(M.cfg.wwwroot, '')+'</a>';
                 }
                 return link;

diff --git a/lib/yui/src/notification/js/exception.js b/lib/yui/src/notification/js/exception.js
index 78186ea..72f71e2 100644 (file)
--- a/lib/yui/src/notification/js/exception.js
+++ b/lib/yui/src/notification/js/exception.js
@@ -46,13 +46,14 @@ Y.extend(EXCEPTION, M.core.notification.info, {
             delay = this.get('hideTimeoutDelay');
         this.get(BASE).addClass('moodle-dialogue-exception');
         this.setStdModContent(Y.WidgetStdMod.HEADER,
-                '<h1 id="moodle-dialogue-'+config.COUNT+'-header-text">' + config.name + '</h1>', Y.WidgetStdMod.REPLACE);
+                '<h1 id="moodle-dialogue-'+config.COUNT+'-header-text">' + Y.Escape.html(config.name) + '</h1>',
+                Y.WidgetStdMod.REPLACE);
         content = Y.Node.create('<div class="moodle-exception"></div>')
-                .append(Y.Node.create('<div class="moodle-exception-message">'+this.get('message')+'</div>'))
+                .append(Y.Node.create('<div class="moodle-exception-message">'+Y.Escape.html(this.get('message'))+'</div>'))
                 .append(Y.Node.create('<div class="moodle-exception-param hidden param-filename"><label>File:</label> ' +
-                        this.get('fileName')+'</div>'))
+                        Y.Escape.html(this.get('fileName'))+'</div>'))
                 .append(Y.Node.create('<div class="moodle-exception-param hidden param-linenumber"><label>Line:</label> ' +
-                        this.get('lineNumber')+'</div>'))
+                        Y.Escape.html(this.get('lineNumber'))+'</div>'))
                 .append(Y.Node.create('<div class="moodle-exception-param hidden param-stacktrace"><label>Stack trace:</label> <pre>' +
                         this.get('stack')+'</pre></div>'));
         if (M.cfg.developerdebug) {
@@ -133,7 +134,7 @@ Y.extend(EXCEPTION, M.core.notification.info, {
          */
         stack : {
             setter : function(str) {
-                var lines = str.split("\n"),
+                var lines = Y.Escape.html(str).split("\n"),
                     pattern = new RegExp('^(.+)@('+M.cfg.wwwroot+')?(.{0,75}).*:(\\d+)$'),
                     i;
                 for (i in lines) {

diff --git a/lib/yui/src/notification/meta/notification.json b/lib/yui/src/notification/meta/notification.json
index db9bd7a..2ba870f 100644 (file)
--- a/lib/yui/src/notification/meta/notification.json
+++ b/lib/yui/src/notification/meta/notification.json
@@ -13,6 +13,7 @@
         "base",
         "node",
         "panel",
+        "escape",
         "event-key",
         "dd-plugin",
         "moodle-core-widget-focusafterclose",