From c5cf523cc931d9fe6710a1a852ae9c7f20d25a1b Mon Sep 17 00:00:00 2001 From: Kimonas Sotirchos Date: Tue, 12 Feb 2019 15:22:54 +0200 Subject: [PATCH] UI fixes Fixes noted from avdaredevil: * Fix XSS vulnerability * Use template literals for HTML inside JS Signed-off-by: Kimonas Sotirchos --- .../jupyter/static/js/add_notebook.js | 16 ++-- .../kubeflow/jupyter/static/js/notebooks.js | 94 ++++++++++--------- .../kubeflow/jupyter/templates/notebooks.html | 9 +- .../kubeflow/rokui/static/js/add_notebook.js | 16 ++-- .../rok/kubeflow/rokui/static/js/notebooks.js | 38 ++++---- 5 files changed, 92 insertions(+), 81 deletions(-) diff --git a/components/jupyter-web-app/default/kubeflow/jupyter/static/js/add_notebook.js b/components/jupyter-web-app/default/kubeflow/jupyter/static/js/add_notebook.js index f889ef1605e..f98ed6183e6 100644 --- a/components/jupyter-web-app/default/kubeflow/jupyter/static/js/add_notebook.js +++ b/components/jupyter-web-app/default/kubeflow/jupyter/static/js/add_notebook.js @@ -729,13 +729,15 @@ function postNotebook(form, data) { window.location.href = prefix + "/notebooks" +"?namespace=" + ns } else { - $("#error-msgs").empty(); - var innerHTML = '' - innerHTML = '
'; - innerHTML += '×'; - innerHTML += 'Error: ' + res.log + '
'; - $("#error-msgs").html(innerHTML); + innerHTML = ` +
+ × + Error: +
` + + const $e = $("#error-msgs").html(innerHTML) + $('.danger-log', $e).text(res.log) + window.scrollTo(0, 0); } }) diff --git a/components/jupyter-web-app/default/kubeflow/jupyter/static/js/notebooks.js b/components/jupyter-web-app/default/kubeflow/jupyter/static/js/notebooks.js index 98c5dcbca10..ac0d83eb12f 100644 --- a/components/jupyter-web-app/default/kubeflow/jupyter/static/js/notebooks.js +++ b/components/jupyter-web-app/default/kubeflow/jupyter/static/js/notebooks.js @@ -1,4 +1,33 @@ $(document).ready(function(){ + // Update the Notebooks when a Namespace is selected + $("#ns-select").on("change", function() { + var ns = this.value; + updateNotebooksInNamespace(ns); + + // Change the function for the CREATE NOTEBOOK button + $("#create-nb-btn").click(_ => createNotebook(ns)) + }); + + // Search Bar + $('#search-nb').bind("enterKey",function(e){ + var ns = this.value; + updateNotebooksInNamespace(ns); + + // Change the function for the CREATE NOTEBOOK button + $("#create-nb-btn").click(_ => createNotebook(ns)) + + // In case user sees only default ns and we go to a ns with search bar + // then the change listener won't be triggered + $("#ns-select").val("") + + }); + + $('#search-nb').keyup(function(e){ + if(e.keyCode == 13) { + $(this).trigger("enterKey"); + } + }); + // Get Notebooks for the ServiceAccount's Namespace var ns = new URL(window.location.href).searchParams.get("namespace") if (ns) { @@ -10,35 +39,34 @@ $(document).ready(function(){ function deleteNotebook(ns, nb) { $.getJSON(prefix + "/delete-notebook", { namespace:ns, notebook:nb}, function(data, status) { - var innerHTML = $("#error-msgs").html() + var innerHTML = '' if(data.success == true) { updateNotebooksInNamespace(ns) - innerHTML = ''; } else { - innerHTML = '
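Review bot: The new `innerHTML = \`…\`` assignment in the else-branch of `postNotebook` has no declaration, because the commit drops the `var innerHTML = ''` line that preceded it; unless `postNotebook` declares it earlier (the function starts outside this hunk) this now writes an implicit global in sloppy mode and throws a ReferenceError under `'use strict'`. Since the same branch already uses `const $e`, the minimal fix is `const innerHTML = \`` on the first line of the template literal. The rendering itself is sound: `$('.danger-log', $e).text(res.log)` sets `res.log` as text, so server-supplied log content can no longer inject markup.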
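Review bot: The `#ns-select` change handler and the `#search-nb` enterKey handler both call `$("#create-nb-btn").click(_ => createNotebook(ns))`, which appends a listener on every namespace change instead of replacing the previous binding as the removed `attr("onclick", …)` did; after a few namespace switches one click runs a redirect per stale namespace. Replace both occurrences with `$("#create-nb-btn").off("click").on("click", () => createNotebook(ns))` so only the currently selected namespace is bound. Moving off the inline `onclick` string is the correct remedy for the injection, since on the enterKey path `ns` is free text from the search box.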
'; - innerHTML += '×'; - innerHTML += 'Warning! ' + data.log + '
'; + innerHTML = ` +
+ × + Warning! +
` } - $("#error-msgs").html(innerHTML); + const $e = $("#error-msgs").html(innerHTML) + $('.warning-log', $e).text(data.log) }); }; function connectNotebook(ns, nb) { - window.open("/" + ns + "/" + nb, "_blank"); + window.open(`/${ns}/${nb}`, "_blank"); }; function createNotebook(ns) { // Redirect to Add Notebook URL - window.location.href = prefix + "/add-notebook?namespace="+ns + window.location.href = `${prefix}/add-notebook?namespace=${ns}` }; function updateNotebooksInNamespace(ns) { // Put the add Notebook button $('#nb-table-body').html(""); - var row = $(""); - // var row = "" // Get the Notebooks for selected Namespace $.getJSON(prefix + "/list-notebooks", { namespace:ns }, function(data, status) { @@ -101,11 +129,14 @@ function updateNotebooksInNamespace(ns) { } } else{ - var innerHTML = '' - innerHTML = '
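Review bot: `createNotebook` and `connectNotebook` now build their URLs with template literals but still interpolate `ns` and `nb` raw; on the search-bar path `ns` is free text, so a value containing `&`, `#`, `/` or `..` rewrites the query or path instead of being sent as a namespace name. Encode each segment: `window.location.href = \`${prefix}/add-notebook?namespace=${encodeURIComponent(ns)}\`` and `window.open(\`/${encodeURIComponent(ns)}/${encodeURIComponent(nb)}\`, "_blank", "noopener")`; the `noopener` also denies the opened notebook tab a `window.opener` handle on this page. Separately, the surrounding `deleteNotebook` performs the deletion via `$.getJSON` on `/delete-notebook`, a state-changing GET that is cross-site triggerable if the app relies on cookie authentication; that is unchanged context here, but worth a follow-up to a POST carrying a CSRF token.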
'; - innerHTML += '×'; - innerHTML += 'Warning! ' + data.log + '
'; - $("#error-msgs").html(innerHTML); + innerHTML = ` +
+ × + Warning! +
` + + const $e = $("#error-msgs").html(innerHTML) + $('.warning-log', $e).text(data.log) } // Load the dynamic components of mdl @@ -115,35 +146,6 @@ function updateNotebooksInNamespace(ns) { }); } -// Search Bar -$('#search-nb').bind("enterKey",function(e){ - var ns = this.value; - updateNotebooksInNamespace(ns); - - // Change the function for the CREATE NOTEBOOK button - $("#create-nb-btn").attr("onclick", "createNotebook('" + ns + "')") - - // In case user sees only default ns and we go to a ns with search bar - // then the change listener won't be triggered - $("#ns-select").val("") - -}); - -$('#search-nb').keyup(function(e){ - if(e.keyCode == 13) { - $(this).trigger("enterKey"); - } -}); - function searchOut() { $("#ns-select").text("") -} - -// Update the Notebooks when a Namespace is selected -$("#ns-select").on("change", function() { - var ns = this.value; - updateNotebooksInNamespace(ns); - - // Change the function for the CREATE NOTEBOOK button - $("#create-nb-btn").attr("onclick", "createNotebook('" + ns + "')") -}); \ No newline at end of file +} \ No newline at end of file diff --git a/components/jupyter-web-app/default/kubeflow/jupyter/templates/notebooks.html b/components/jupyter-web-app/default/kubeflow/jupyter/templates/notebooks.html index c03b99d0eea..4dd880bc1c9 100644 --- a/components/jupyter-web-app/default/kubeflow/jupyter/templates/notebooks.html +++ b/components/jupyter-web-app/default/kubeflow/jupyter/templates/notebooks.html @@ -1,6 +1,11 @@ {% extends "layout.html" %} -{% block content %} +{% block javascript %} + {{ super() }} + +{% endblock %} +{% block content %} @@ -71,6 +76,4 @@
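Review bot: In the else-branch of `updateNotebooksInNamespace` the commit removes `var innerHTML = ''` and leaves `innerHTML = \`…\`` undeclared; unless the function declares it earlier (its body starts outside this hunk) this creates an implicit global, and fails outright under `'use strict'`. Use `const innerHTML = \`` on the first line of the template literal, matching the `const $e` introduced two lines below. The `$('.warning-log', $e).text(data.log)` call correctly keeps `data.log` out of the HTML parser.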

Notebooks

- - {% endblock content %} diff --git a/components/jupyter-web-app/rok/kubeflow/rokui/static/js/add_notebook.js b/components/jupyter-web-app/rok/kubeflow/rokui/static/js/add_notebook.js index 560b04c1bb3..e37a360b7a4 100644 --- a/components/jupyter-web-app/rok/kubeflow/rokui/static/js/add_notebook.js +++ b/components/jupyter-web-app/rok/kubeflow/rokui/static/js/add_notebook.js @@ -796,13 +796,15 @@ function postNotebook(form, data) { window.location.href = prefix + "/notebooks" +"?namespace=" + ns } else { - $("#error-msgs").empty(); - var innerHTML = '' - innerHTML = '
'; - innerHTML += '×'; - innerHTML += 'Error: ' + res.log + '
'; - $("#error-msgs").html(innerHTML); + innerHTML = ` +
+ × + Error: +
` + + const $e = $("#error-msgs").html(innerHTML) + $('.danger-log', $e).text(res.log) + window.scrollTo(0, 0); } }) diff --git a/components/jupyter-web-app/rok/kubeflow/rokui/static/js/notebooks.js b/components/jupyter-web-app/rok/kubeflow/rokui/static/js/notebooks.js index 272291ba2a0..ac0d83eb12f 100644 --- a/components/jupyter-web-app/rok/kubeflow/rokui/static/js/notebooks.js +++ b/components/jupyter-web-app/rok/kubeflow/rokui/static/js/notebooks.js @@ -5,7 +5,7 @@ $(document).ready(function(){ updateNotebooksInNamespace(ns); // Change the function for the CREATE NOTEBOOK button - $("#create-nb-btn").attr("onclick", "createNotebook('" + ns + "')") + $("#create-nb-btn").click(_ => createNotebook(ns)) }); // Search Bar @@ -14,7 +14,7 @@ $(document).ready(function(){ updateNotebooksInNamespace(ns); // Change the function for the CREATE NOTEBOOK button - $("#create-nb-btn").attr("onclick", "createNotebook('" + ns + "')") + $("#create-nb-btn").click(_ => createNotebook(ns)) // In case user sees only default ns and we go to a ns with search bar // then the change listener won't be triggered @@ -39,35 +39,34 @@ $(document).ready(function(){ function deleteNotebook(ns, nb) { $.getJSON(prefix + "/delete-notebook", { namespace:ns, notebook:nb}, function(data, status) { - var innerHTML = $("#error-msgs").html() + var innerHTML = '' if(data.success == true) { updateNotebooksInNamespace(ns) - innerHTML = ''; } else { - innerHTML = '
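Review bot: The else-branch of `postNotebook` assigns `innerHTML = \`…\`` without a declaration, because the `var innerHTML = ''` line is removed; unless `postNotebook` declares it earlier (the function begins outside this hunk) this writes an implicit global and is a ReferenceError in strict mode. Prefer `const innerHTML = \`` on the first line of the template literal, consistent with the `const $e` that follows. Setting the log via `.text(res.log)` rather than concatenating it into the markup is the right escaping for the server-returned string.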
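Review bot: `$("#create-nb-btn").click(_ => createNotebook(ns))` in the `#ns-select` change handler adds a new listener each time the namespace changes, whereas the removed `attr("onclick", …)` replaced the single inline handler; repeated selections therefore stack redirects for stale namespaces on one click. Use `$("#create-nb-btn").off("click").on("click", () => createNotebook(ns))` so the button is bound to the current namespace only. Dropping the string-built inline handler is the correct fix for the injection, since `ns` comes from user-controlled input.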
'; - innerHTML += '×'; - innerHTML += 'Warning! ' + data.log + '
'; + innerHTML = ` +
+ × + Warning! +
` } - $("#error-msgs").html(innerHTML); + const $e = $("#error-msgs").html(innerHTML) + $('.warning-log', $e).text(data.log) }); }; function connectNotebook(ns, nb) { - window.open("/" + ns + "/" + nb, "_blank"); + window.open(`/${ns}/${nb}`, "_blank"); }; function createNotebook(ns) { // Redirect to Add Notebook URL - window.location.href = prefix + "/add-notebook?namespace="+ns + window.location.href = `${prefix}/add-notebook?namespace=${ns}` }; function updateNotebooksInNamespace(ns) { // Put the add Notebook button $('#nb-table-body').html(""); - var row = $(""); - // var row = "" // Get the Notebooks for selected Namespace $.getJSON(prefix + "/list-notebooks", { namespace:ns }, function(data, status) { @@ -130,11 +129,14 @@ function updateNotebooksInNamespace(ns) { } } else{ - var innerHTML = '' - innerHTML = '
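Review bot: The rewritten `createNotebook` and `connectNotebook` still splice `ns` and `nb` into the URL unencoded, and `ns` can come verbatim from the search box, so characters such as `&`, `#` or `/` alter the query string or path rather than naming a namespace. Change them to `window.location.href = \`${prefix}/add-notebook?namespace=${encodeURIComponent(ns)}\`` and `window.open(\`/${encodeURIComponent(ns)}/${encodeURIComponent(nb)}\`, "_blank", "noopener")`, the last argument removing the opened tab's `window.opener` reference. The unchanged `deleteNotebook` context in this hunk still deletes via `$.getJSON`, a GET with side effects; if sessions are cookie-based that is cross-site triggerable and should move to a POST with a CSRF token in a follow-up.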
'; - innerHTML += '×'; - innerHTML += 'Warning! ' + data.log + '
'; - $("#error-msgs").html(innerHTML); + innerHTML = ` +
+ × + Warning! +
` + + const $e = $("#error-msgs").html(innerHTML) + $('.warning-log', $e).text(data.log) } // Load the dynamic components of mdl
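Review bot: The else-branch of `updateNotebooksInNamespace` now assigns `innerHTML = \`…\`` after the commit deletes `var innerHTML = ''`, leaving the name undeclared; unless it is declared earlier in the function (which starts outside this hunk) this is an implicit global and a strict-mode error. Use `const innerHTML = \`` on the first line of the template literal, in line with the `const $e` two lines later. Populating `.warning-log` with `.text(data.log)` is the correct way to keep the server log out of the markup.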