From: Instrumental <jonathan.gathman@att.com>
Date: Thu, 24 May 2018 21:33:59 +0000 (-0500)
Subject: Protect History Display
X-Git-Tag: Beijing-2.1.1~6
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aaf%2Fauthz.git;a=commitdiff_plain;h=2066e6a977c38ea95ea19374232b9904032283ca

Protect History Display

Issue-ID: AAF-324
Change-Id: I8829afdab7ae1baee1d6ebf10708997074b3aaa9
Signed-off-by: Instrumental <jonathan.gathman@att.com>
---

diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java
index 1bffbb6f..96ec002e 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java
@@ -196,10 +196,11 @@ public class NsHistory extends Page {
 									String user = i.getUser();
 									AbsCell userCell = new TextCell(user);
 									
+									String memo = i.getMemo().replace("<script>", "&lt;script&gt;").replace("</script>", "&lt;/script&gt;");
 									rv.add(new AbsCell[] {
 											new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
 											userCell,
-											new TextCell(i.getMemo())
+											new TextCell(memo)
 									});
 								}
 							} finally {
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java
index 64a0db17..b7a9960c 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java
@@ -207,11 +207,11 @@ public class PermHistory extends Page {
 								for (Item i : histItems) {
 									String user = i.getUser();
 									AbsCell userCell = new TextCell(user);
-									
+									String memo = i.getMemo().replace("<script>", "&lt;script&gt;").replace("</script>", "&lt;/script&gt;");
 									rv.add(new AbsCell[] {
 											new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
 											userCell,
-											new TextCell(i.getMemo())
+											new TextCell(memo)
 									});
 								}
 								
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java
index 7b07b60d..5f7625aa 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java
@@ -38,7 +38,6 @@ import org.onap.aaf.auth.gui.Page;
 import org.onap.aaf.auth.gui.Table;
 import org.onap.aaf.auth.gui.Table.Cells;
 import org.onap.aaf.auth.gui.table.AbsCell;
-import org.onap.aaf.auth.gui.table.RefCell;
 import org.onap.aaf.auth.gui.table.TableData;
 import org.onap.aaf.auth.gui.table.TextCell;
 import org.onap.aaf.cadi.CadiException;
@@ -195,11 +194,12 @@ public class RoleHistory extends Page {
 									for (Item i : histItems) {
 										String user = i.getUser();
 										AbsCell userCell = new TextCell(user);
-										
+
+										String memo = i.getMemo().replace("<script>", "&lt;script&gt;").replace("</script>", "&lt;/script&gt;");
 										rv.add(new AbsCell[] {
 												new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
 												userCell,
-												new TextCell(i.getMemo())
+												new TextCell(memo)
 										});
 									}
 								} else {