diff --git a/lib/Catalyst/Plugin/EscapeJs.pm b/lib/Catalyst/Plugin/EscapeJs.pm
new file mode 100644
index 0000000000..f7dc9b659f
--- /dev/null
+++ b/lib/Catalyst/Plugin/EscapeJs.pm
@@ -0,0 +1,16 @@
+package Catalyst::Plugin::EscapeJs;
+use warnings;
+use strict;
+use MRO::Compat;
+
+sub escape_js {
+ my $c = shift;
+ my $str = shift;
+ my $quote_char = shift;
+ $quote_char //= "'";
+ $str =~ s/\\/\\\\/g;
+ $str =~ s/$quote_char/\\$quote_char/g;
+ return $str;
+}
+
+1;
\ No newline at end of file
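Review bot: `$quote_char` is interpolated into the pattern unquoted on the `s/$quote_char/\\$quote_char/g` line, so a caller passing a regex metacharacter as the quote (e.g. `.` or `|`) gets a pattern rather than a literal; it should be `s/\Q$quote_char\E/\\$quote_char/g`. The escaping is also incomplete for the place these values land, a JS string literal inside an HTML script block: CR/LF and U+2028/U+2029 terminate the literal, and a `</` sequence coming from a translation catalog (`</script>`) would close the script element before JavaScript ever sees it. An undefined `$str` (a missing translation, say) triggers an uninitialized-value warning in the substitution and returns undef into the template, where returning the empty string is more useful; `MRO::Compat` is loaded but nothing in the file uses it. Suggested body, same interface:
```perl
sub escape_js {
    my ($c, $str, $quote_char) = @_;
    $quote_char //= "'";
    return '' unless defined $str;
    $str =~ s/\\/\\\\/g;
    $str =~ s/\Q$quote_char\E/\\$quote_char/g;
    # Line terminators would end the JS literal; "</" could close the enclosing <script>.
    $str =~ s/\r/\\r/g;
    $str =~ s/\n/\\n/g;
    $str =~ s{</}{<\\/}g;
    $str =~ s/\x{2028}/\\u2028/g;
    $str =~ s/\x{2029}/\\u2029/g;
    return $str;
}
```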
diff --git a/lib/NGCP/Panel.pm b/lib/NGCP/Panel.pm
index 1ba020b297..1cc24d79fe 100644
--- a/lib/NGCP/Panel.pm
+++ b/lib/NGCP/Panel.pm
@@ -27,6 +27,7 @@ use Catalyst qw/
Session::Store::Redis
Session::State::Cookie
EscapeSensitiveValue
+ EscapeJs
I18N
/;
use Log::Log4perl::Catalyst qw();
diff --git a/share/layout/body.tt b/share/layout/body.tt
index 340447d568..d0d2603347 100644
--- a/share/layout/body.tt
+++ b/share/layout/body.tt
@@ -145,7 +145,7 @@ var mainWrapperInit = function () {
$('.sw_action_row').hover(
function() { $(this).find('.sw_actions').css('visibility','visible'); },
function() { $(this).find('.sw_actions').css('visibility','hidden'); }
- );
+ );
$('a[data-confirm]').live("click", function(ev) {
var href = $(this).attr('href');
@@ -154,15 +154,15 @@ var mainWrapperInit = function () {
$('body').append(
'
'+
''+
''+
'
'
);
- }
+ }
$('#dataConfirmOK').attr('href', href);
if( href.search(/^javascript:/i ) > -1 ){
$('#dataConfirmOK').attr('onclick', href);
@@ -205,7 +205,7 @@ var mainWrapperInit = function () {
var backuri = $(this).data('backuri') ? $(this).data('backuri') : '[%- backuri | uri -%]';
var _back = 'back='+backuri;
if(_href == null || _href.match(/[&\?]back=/)) {
- // ignore
+ // ignore
} else if(_href.match(/\?/)) {
$(this).attr('href', _href + '&' + _back);
} else {
diff --git a/share/templates/widgets/admin_billing_overview.tt b/share/templates/widgets/admin_billing_overview.tt
index d979a57127..f20c792e48 100644
--- a/share/templates/widgets/admin_billing_overview.tt
+++ b/share/templates/widgets/admin_billing_overview.tt
@@ -4,21 +4,21 @@ enqueLists.push([{
widgetName: "AdminBillingOverview",
cb: function(data) {
//console.log(data);
- $("#admin_billing_overview_lazy_items_list").append('' + sprintf('%.02f',data.widget_data / 100.0) + ' [% c.loc('Peering Costs') %]');
+ $("#admin_billing_overview_lazy_items_list").append('' + sprintf('%.02f',data.widget_data / 100.0) + ' [% c.escape_js(c.loc('Peering Costs')) %]');
}
},{
res: 'reseller_sum',
widgetName: "AdminBillingOverview",
cb: function(data) {
//console.log(data);
- $("#admin_billing_overview_lazy_items_list").append('' + sprintf('%.02f',data.widget_data / 100.0) + ' [% c.loc('Reseller Revenue') %]');
+ $("#admin_billing_overview_lazy_items_list").append('' + sprintf('%.02f',data.widget_data / 100.0) + ' [% c.escape_js(c.loc('Reseller Revenue')) %]');
}
},{
res: 'customer_sum',
widgetName: "AdminBillingOverview",
cb: function(data) {
//console.log(data);
- $("#admin_billing_overview_lazy_items_list").append('' + sprintf('%.02f',data.widget_data / 100.0) + ' [% c.loc('Customer Revenue') %]');
+ $("#admin_billing_overview_lazy_items_list").append('' + sprintf('%.02f',data.widget_data / 100.0) + ' [% c.escape_js(c.loc('Customer Revenue')) %]');
}
},{
res: 'profiles_count',
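Review bot: The escaped label on each changed `.append(...)` line is decoded once as a JavaScript string and then parsed a second time as HTML by jQuery's `.append()`, and `escape_js` only covers the first of those contexts. A translation containing `<`, `>` or `&` would therefore be interpreted as markup instead of shown literally; if catalog strings are not guaranteed markup-free, HTML-escape the JS-escaped output in the template, e.g. `[% c.escape_js(c.loc('Peering Costs')) | html %]` (the `html` filter leaves `\` and `'` untouched, so the JS escaping stays valid and the entities are decoded by the HTML parser into plain text). The same pattern recurs in the other widget templates in this commit (admin_peering_overview, admin_reseller_overview, admin_system_overview, the reseller_*_overview and subscriber_*_overview files), so one fix shape applies to all of them. The enclosing `enqueLists.push([...])` literal starts and ends outside this hunk.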
@@ -29,7 +29,7 @@ enqueLists.push([{
$("#admin_billing_overview_lazy_items_header").append(
'' +
'' + data.widget_data + '' +
- '' + (data.widget_data == 1 ? '[% c.loc('Billing Profile') %]' : '[% c.loc('Billing Profiles') %]') + '' +
+ '' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Billing Profile')) %]' : '[% c.escape_js(c.loc('Billing Profiles')) %]') + '' +
'
');
}
}]);
diff --git a/share/templates/widgets/admin_peering_overview.tt b/share/templates/widgets/admin_peering_overview.tt
index 49e5b267c6..23e47e74e8 100644
--- a/share/templates/widgets/admin_peering_overview.tt
+++ b/share/templates/widgets/admin_peering_overview.tt
@@ -4,14 +4,14 @@ enqueLists.push([{
widgetName: "AdminPeeringOverview",
cb: function(data) {
//console.log(data);
- $("#admin_peering_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.loc('Peering Server') %]' : '[% c.loc('Peering Servers') %]') + '');
+ $("#admin_peering_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Peering Server')) %]' : '[% c.escape_js(c.loc('Peering Servers')) %]') + '');
}
},{
res: 'rules_count',
widgetName: "AdminPeeringOverview",
cb: function(data) {
//console.log(data);
- $("#admin_peering_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.loc('Peering Rule') %]' : '[% c.loc('Peering Rules') %]') + '');
+ $("#admin_peering_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Peering Rule')) %]' : '[% c.escape_js(c.loc('Peering Rules')) %]') + '');
}
},{
res: 'groups_count',
@@ -22,7 +22,7 @@ enqueLists.push([{
$("#admin_peering_overview_lazy_items_header").append(
'' +
'' + data.widget_data + '' +
- '' + (data.widget_data == 1 ? '[% c.loc('Peering Group') %]' : '[% c.loc('Peering Groups') %]') + '' +
+ '' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Peering Group')) %]' : '[% c.escape_js(c.loc('Peering Groups')) %]') + '' +
'
');
}
}]);
diff --git a/share/templates/widgets/admin_reseller_overview.tt b/share/templates/widgets/admin_reseller_overview.tt
index b231f62f44..3d164ac084 100644
--- a/share/templates/widgets/admin_reseller_overview.tt
+++ b/share/templates/widgets/admin_reseller_overview.tt
@@ -4,21 +4,21 @@ enqueLists.push([{
widgetName: "AdminResellerOverview",
cb: function(data) {
//console.log(data);
- $("#admin_reseller_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.loc('Domain') %]' : '[% c.loc('Domains') %]') + '');
+ $("#admin_reseller_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Domain')) %]' : '[% c.escape_js(c.loc('Domains')) %]') + '');
}
},{
res: 'customers_count',
widgetName: "AdminResellerOverview",
cb: function(data) {
//console.log(data);
- $("#admin_reseller_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.loc('Customer') %]' : '[% c.loc('Customers') %]') + '');
+ $("#admin_reseller_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Customer')) %]' : '[% c.escape_js(c.loc('Customers')) %]') + '');
}
},{
res: 'subscribers_count',
widgetName: "AdminResellerOverview",
cb: function(data) {
//console.log(data);
- $("#admin_reseller_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.loc('Subscriber') %]' : '[% c.loc('Subscribers') %]') + '');
+ $("#admin_reseller_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Subscriber')) %]' : '[% c.escape_js(c.loc('Subscribers')) %]') + '');
}
},{
res: 'resellers_count',
@@ -29,7 +29,7 @@ enqueLists.push([{
$("#admin_reseller_overview_lazy_items_header").append(
'' +
'' + data.widget_data + '' +
- '' + (data.widget_data == 1 ? '[% c.loc('Reseller') %]' : '[% c.loc('Resellers') %]') + '' +
+ '' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Reseller')) %]' : '[% c.escape_js(c.loc('Resellers')) %]') + '' +
'
');
}
}]);
diff --git a/share/templates/widgets/admin_system_overview.tt b/share/templates/widgets/admin_system_overview.tt
index c2217af335..ced829ebd2 100644
--- a/share/templates/widgets/admin_system_overview.tt
+++ b/share/templates/widgets/admin_system_overview.tt
@@ -15,7 +15,7 @@ enqueLists.push([{
//console.log(data);
var txt = data.widget_data.text;
var col = data.widget_data.color;
- $("#admin_system_overview_lazy_items_list").append('[% c.loc('System') %] ' + txt + '');
+ $("#admin_system_overview_lazy_items_list").append('[% c.escape_js(c.loc('System')) %] ' + txt + '');
}
},{
res: 'hardware',
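Review bot: The rewritten `.append()` line still concatenates `txt` (`data.widget_data.text`, read two lines above) into HTML with no escaping at all, so the new escaping protects the localized label but not the server-supplied status text on the same line. If that text can carry anything beyond a fixed set of status words, set it with a text setter instead of string concatenation, e.g. `$('<span>').text(txt)` appended after the label; the same applies to the second hunk of this file and, as far as the garbled hunk shows, to `cf_mappings.desc` in subscriber_cf_overview.tt. The enclosing callback starts outside the hunk.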
@@ -24,7 +24,7 @@ enqueLists.push([{
//console.log(data);
var txt = data.widget_data.text;
var col = data.widget_data.color;
- $("#admin_system_overview_lazy_items_list").append('[% c.loc('Hardware') %] ' + txt + '');
+ $("#admin_system_overview_lazy_items_list").append('[% c.escape_js(c.loc('Hardware')) %] ' + txt + '');
}
},{
res: 'overall_status',
diff --git a/share/templates/widgets/reseller_billing_overview.tt b/share/templates/widgets/reseller_billing_overview.tt
index b2574fd265..02a741b729 100644
--- a/share/templates/widgets/reseller_billing_overview.tt
+++ b/share/templates/widgets/reseller_billing_overview.tt
@@ -4,14 +4,14 @@ enqueLists.push([{
widgetName: "ResellerBillingOverview",
cb: function(data) {
//console.log(data);
- $("#reseller_billing_overview_lazy_items_list").append('' + sprintf('%.02f',data.widget_data / 100.0) + ' [% c.loc('Reseller Cost') %]');
+ $("#reseller_billing_overview_lazy_items_list").append('' + sprintf('%.02f',data.widget_data / 100.0) + ' [% c.escape_js(c.loc('Reseller Cost')) %]');
}
},{
res: 'customer_sum',
widgetName: "ResellerBillingOverview",
cb: function(data) {
//console.log(data);
- $("#reseller_billing_overview_lazy_items_list").append('' + sprintf('%.02f',data.widget_data / 100.0) + ' [% c.loc('Customer Revenue') %]');
+ $("#reseller_billing_overview_lazy_items_list").append('' + sprintf('%.02f',data.widget_data / 100.0) + ' [% c.escape_js(c.loc('Customer Revenue')) %]');
}
},{
res: 'profiles_count',
@@ -22,7 +22,7 @@ enqueLists.push([{
$("#reseller_billing_overview_lazy_items_header").append(
'' +
'' + data.widget_data + '' +
- '' + (data.widget_data == 1 ? '[% c.loc('Billing Profile') %]' : '[% c.loc('Billing Profiles') %]') + '' +
+ '' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Billing Profile')) %]' : '[% c.escape_js(c.loc('Billing Profiles')) %]') + '' +
'
');
}
}]);
diff --git a/share/templates/widgets/reseller_customer_overview.tt b/share/templates/widgets/reseller_customer_overview.tt
index 670edf29c2..3cc6358d7b 100644
--- a/share/templates/widgets/reseller_customer_overview.tt
+++ b/share/templates/widgets/reseller_customer_overview.tt
@@ -4,14 +4,14 @@ enqueLists.push([{
widgetName: "ResellerCustomerOverview",
cb: function(data) {
//console.log(data);
- $("#reseller_customer_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.loc('Contact') %]' : '[% c.loc('Contacts') %]') + '');
+ $("#reseller_customer_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Contact')) %]' : '[% c.escape_js(c.loc('Contacts')) %]') + '');
}
},{
res: 'subscribers_count',
widgetName: "ResellerCustomerOverview",
cb: function(data) {
//console.log(data);
- $("#reseller_customer_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.loc('Subscriber') %]' : '[% c.loc('Subscribers') %]') + '');
+ $("#reseller_customer_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Subscriber')) %]' : '[% c.escape_js(c.loc('Subscribers')) %]') + '');
}
},{
res: 'customers_count',
@@ -22,7 +22,7 @@ enqueLists.push([{
$("#reseller_customer_overview_lazy_items_header").append(
'' +
'' + data.widget_data + '' +
- '' + (data.widget_data == 1 ? '[% c.loc('Customer') %]' : '[% c.loc('Customers') %]') + '' +
+ '' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Customer')) %]' : '[% c.escape_js(c.loc('Customers')) %]') + '' +
'
');
}
}]);
diff --git a/share/templates/widgets/reseller_domain_overview.tt b/share/templates/widgets/reseller_domain_overview.tt
index 8a6dfaec15..65bf2fb273 100644
--- a/share/templates/widgets/reseller_domain_overview.tt
+++ b/share/templates/widgets/reseller_domain_overview.tt
@@ -4,14 +4,14 @@ enqueLists.push([{
widgetName: "ResellerDomainOverview",
cb: function(data) {
//console.log(data);
- $("#reseller_domain_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.loc('Rewrite Rule Set') %]' : '[% c.loc('Rewrite Rule Sets') %]') + '');
+ $("#reseller_domain_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Rewrite Rule Set')) %]' : '[% c.escape_js(c.loc('Rewrite Rule Sets')) %]') + '');
}
},{
res: 'sound_sets_count',
widgetName: "ResellerDomainOverview",
cb: function(data) {
//console.log(data);
- $("#reseller_domain_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.loc('Sound Set') %]' : '[% c.loc('Sound Sets') %]') + '');
+ $("#reseller_domain_overview_lazy_items_list").append('' + data.widget_data + ' ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Sound Set')) %]' : '[% c.escape_js(c.loc('Sound Sets')) %]') + '');
}
},{
res: 'domains_count',
@@ -22,7 +22,7 @@ enqueLists.push([{
$("#reseller_domain_overview_lazy_items_header").append(
'' +
'' + data.widget_data + '' +
- '' + (data.widget_data == 1 ? '[% c.loc('Domain') %]' : '[% c.loc('Domains') %]') + '' +
+ '' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Domain')) %]' : '[% c.escape_js(c.loc('Domains')) %]') + '' +
'
');
}
}]);
diff --git a/share/templates/widgets/subscriber_calls_overview.tt b/share/templates/widgets/subscriber_calls_overview.tt
index bc223c671f..35cfdfa1ef 100644
--- a/share/templates/widgets/subscriber_calls_overview.tt
+++ b/share/templates/widgets/subscriber_calls_overview.tt
@@ -6,7 +6,7 @@ enqueLists.push([{
//console.log(data);
var calls = data.widget_data;
if (calls.length == 0) {
- $("#subscriber_call_overview_lazy_items_list").append('[% c.loc('No calls yet') %]');
+ $("#subscriber_call_overview_lazy_items_list").append('[% c.escape_js(c.loc('No calls yet')) %]');
} else {
for (var i = 0; i < calls.length; i++) {
var call = calls[i];
@@ -47,7 +47,7 @@ enqueLists.push([{
$("#subscriber_call_overview_lazy_items_header").append(
'' +
'' + data.widget_data + '' +
- '' + (data.widget_data == 1 ? '[% c.loc('Recent Call') %]' : '[% c.loc('Recent Calls') %]') + '' +
+ '' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Recent Call')) %]' : '[% c.escape_js(c.loc('Recent Calls')) %]') + '' +
'
');
}
}]);
diff --git a/share/templates/widgets/subscriber_cf_overview.tt b/share/templates/widgets/subscriber_cf_overview.tt
index c0f4353f02..8103f00a3a 100644
--- a/share/templates/widgets/subscriber_cf_overview.tt
+++ b/share/templates/widgets/subscriber_cf_overview.tt
@@ -11,9 +11,9 @@ enqueLists.push([{
$("#subscriber_cf_overview_lazy_items_list").append('' +
cf_mappings.desc + ' [% c.loc('active') %]'
+ 'green">[% c.escape_js(c.loc('active')) %]'
:
- 'grey">[% c.loc('inactive') %]'
+ 'grey">[% c.escape_js(c.loc('inactive')) %]'
) + '' +
'');
mcount += cf_mappings.mappings.length;
@@ -22,7 +22,7 @@ enqueLists.push([{
$("#subscriber_cf_overview_lazy_items_header").append(
'' +
'' + mcount + '' +
- '' + (mcount == 1 ? '[% c.loc('Call Forward Configured') %]' : '[% c.loc('Call Forwards Configured') %]') + '' +
+ '' + (mcount == 1 ? '[% c.escape_js(c.loc('Call Forward Configured')) %]' : '[% c.escape_js(c.loc('Call Forwards Configured')) %]') + '' +
'
');
}
}]);
diff --git a/share/templates/widgets/subscriber_reg_overview.tt b/share/templates/widgets/subscriber_reg_overview.tt
index 7ad495f8eb..84a9647ded 100644
--- a/share/templates/widgets/subscriber_reg_overview.tt
+++ b/share/templates/widgets/subscriber_reg_overview.tt
@@ -6,7 +6,7 @@ enqueLists.push([{
//console.log(data);
var registrations = data.widget_data;
if (registrations.length == 0) {
- $("#subscriber_registration_overview_lazy_items_list").append('[% c.loc('No devices registered') %]');
+ $("#subscriber_registration_overview_lazy_items_list").append('[% c.escape_js(c.loc('No devices registered')) %]');
} else {
for (var i = 0; i < registrations.length; i++) {
var registration = registrations[i];
@@ -31,7 +31,7 @@ enqueLists.push([{
$("#subscriber_registration_overview_lazy_items_header").append(
'' +
'' + data.widget_data + '' +
- '' + (data.widget_data == 1 ? '[% c.loc('Registered Device') %]' : '[% c.loc('Registered Devices') %]') + '' +
+ '' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Registered Device')) %]' : '[% c.escape_js(c.loc('Registered Devices')) %]') + '' +
'
');
}
}]);
diff --git a/share/templates/widgets/subscriber_vm_overview.tt b/share/templates/widgets/subscriber_vm_overview.tt
index 67bcc3bf25..3c28094965 100644
--- a/share/templates/widgets/subscriber_vm_overview.tt
+++ b/share/templates/widgets/subscriber_vm_overview.tt
@@ -6,7 +6,7 @@ enqueLists.push([{
//console.log(data);
var voicemails = data.widget_data;
if (voicemails.length == 0) {
- $("#subscriber_voicemail_overview_lazy_items_list").append('[% c.loc('No new messages') %]');
+ $("#subscriber_voicemail_overview_lazy_items_list").append('[% c.escape_js(c.loc('No new messages')) %]');
} else {
for (var i = 0; i < voicemails.length; i++) {
var voicemail = voicemails[i];
@@ -36,7 +36,7 @@ enqueLists.push([{
$("#subscriber_voicemail_overview_lazy_items_header").append(
'' +
'' + data.widget_data + '' +
- '' + (data.widget_data == 1 ? '[% c.loc('New Message') %]' : '[% c.loc('New Messages') %]') + '' +
+ '' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('New Message')) %]' : '[% c.escape_js(c.loc('New Messages')) %]') + '' +
'
');
}
}]);