Protect History Display

Issue-ID: AAF-324
Change-Id: I8829afdab7ae1baee1d6ebf10708997074b3aaa9
Signed-off-by: Instrumental <jonathan.gathman@att.com>

diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java
index 1bffbb6..96ec002 100644 (file)
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java
@@ -196,10 +196,11 @@ public class NsHistory extends Page {
                                                                        String user = i.getUser();
                                                                        AbsCell userCell = new TextCell(user);
                                                                        
+                                                                       String memo = i.getMemo().replace("<script>", "&lt;script&gt;").replace("</script>", "&lt;/script&gt;");
                                                                        rv.add(new AbsCell[] {
                                                                                        new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
                                                                                        userCell,
-                                                                                       new TextCell(i.getMemo())
+                                                                                       new TextCell(memo)
                                                                        });
                                                                }
                                                        } finally {

diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java
index 64a0db1..b7a9960 100644 (file)
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java
@@ -207,11 +207,11 @@ public class PermHistory extends Page {
                                                                for (Item i : histItems) {
                                                                        String user = i.getUser();
                                                                        AbsCell userCell = new TextCell(user);
-                                                                       
+                                                                       String memo = i.getMemo().replace("<script>", "&lt;script&gt;").replace("</script>", "&lt;/script&gt;");
                                                                        rv.add(new AbsCell[] {
                                                                                        new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
                                                                                        userCell,
-                                                                                       new TextCell(i.getMemo())
+                                                                                       new TextCell(memo)
                                                                        });
                                                                }
                                                                

diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java
index 7b07b60..5f7625a 100644 (file)
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java
@@ -38,7 +38,6 @@ import org.onap.aaf.auth.gui.Page;
 import org.onap.aaf.auth.gui.Table;
 import org.onap.aaf.auth.gui.Table.Cells;
 import org.onap.aaf.auth.gui.table.AbsCell;
-import org.onap.aaf.auth.gui.table.RefCell;
 import org.onap.aaf.auth.gui.table.TableData;
 import org.onap.aaf.auth.gui.table.TextCell;
 import org.onap.aaf.cadi.CadiException;
@@ -195,11 +194,12 @@ public class RoleHistory extends Page {
                                                                        for (Item i : histItems) {
                                                                                String user = i.getUser();
                                                                                AbsCell userCell = new TextCell(user);
-                                                                               
+
+                                                                               String memo = i.getMemo().replace("<script>", "&lt;script&gt;").replace("</script>", "&lt;/script&gt;");
                                                                                rv.add(new AbsCell[] {
                                                                                                new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
                                                                                                userCell,
-                                                                                               new TextCell(i.getMemo())
+                                                                                               new TextCell(memo)
                                                                                });
                                                                        }
                                                                } else {