saret/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-09-12 03:25:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

Escape user data from admin panel when calling JS

Browse Source
This commit is contained in:
Daniel García
2019-02-17 15:22:27 +01:00
parent a744b9437a
commit d7eeaaf249
2 changed files with 34 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/static/templates/admin/page.hbs
View File

@@ -27,8 +27,8 @@
</span>
</div>
<div style="flex: 0 0 240px;">
<a class="mr-3" href="#" onclick='deauthUser("{{Id}}")'>Deauthorize sessions</a>
<a class="mr-3" href="#" onclick='deleteUser("{{Id}}", "{{Email}}")'>Delete User</a>
<a class="mr-3" href="#" onclick='deauthUser({{jsesc Id}})'>Deauthorize sessions</a>
<a class="mr-3" href="#" onclick='deleteUser({{jsesc Id}}, {{jsesc Email}})'>Delete User</a>
</div>
</div>
</div>
@@ -101,7 +101,7 @@
{{/if}}
{{/each}}
<button type="submit" class="btn btn-primary">Save</button>
<button type="button" class="btn btn-danger float-right" onclick="deleteConfig();">Reset defaults</button>
<button type="button" class="btn btn-danger float-right" onclick="deleteConf();">Reset defaults</button>
</form>
</div>
</div>
@@ -192,7 +192,7 @@
"Error saving config", data);
return false;
}
function deleteConfig() {
function deleteConf() {
var input = prompt("This will remove all user configurations, and restore the defaults and the " +
"values set by the environment. This operation could be dangerous. Type 'DELETE' to proceed:");
if (input === "DELETE") {