Merge pull request #3768 from overleaf/jpa-xss-10

[views] mitigate Angular XSS on password reset page

GitOrigin-RevId: 65f423fcb1a3afff0f396bb8e173d1e1bcff056a
Jakob Ackermann 2021-03-17 12:46:49 +01:00 committed by Copybot
parent 8766c23abb
commit 7609b741fa


@ -17,7 +17,7 @@ block content
)
input(type="hidden", name="_csrf", value=csrfToken)
.alert.alert-success(ng-show="passwordResetForm.response.success")
| #{translate("password_has_been_reset")}.
| #{translate("password_has_been_reset")}.
a(href='/login') #{translate("login_here")}
div(ng-show="passwordResetForm.response.error == true")
div(ng-switch="passwordResetForm.response.status")
@ -42,11 +42,12 @@ block content
autofocus,
complex-password
)
span.small.text-primary(ng-show="passwordResetForm.password.$error.complexPassword", ng-bind-html="complexPasswordErrorMessage")
span.small.text-primary(ng-show="passwordResetForm.password.$error.complexPassword", ng-bind-html="complexPasswordErrorMessage")
input(
type="hidden",
name="passwordResetToken",
value=passwordResetToken
ng-non-bindable
)
.actions
button.btn.btn-primary(
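Review bot: The `ng-non-bindable` added to the hidden `passwordResetToken` input has no comment saying why it is there, so a later template cleanup could drop it and re-open the issue this commit mitigates. The token value presumably comes from the reset link and is rendered into DOM that Angular compiles, so I would put a short note above the `input(` line, e.g. `//- ng-non-bindable: token is request-derived; stop Angular from evaluating {{ }} in its value`. As a style point, the new attribute follows `value=passwordResetToken` with only a newline while the neighbouring attributes are comma-separated; `value=passwordResetToken,` would keep the list consistent. The surrounding form continues past the end of the hunk (`button.btn.btn-primary(` is still open), so I cannot tell whether other server-rendered values in it need the same treatment.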