github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-11-07 20:31:06 -05:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #3768 from overleaf/jpa-xss-10

Browse source 
[views] mitigate Angular XSS on password reset page

GitOrigin-RevId: 65f423fcb1a3afff0f396bb8e173d1e1bcff056a
This commit is contained in:
Jakob Ackermann 2021-03-17 12:46:49 +01:00 committed by Copybot
parent 8766c23abb
commit 7609b741fa
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
services/web/app/views/user/setPassword.pug
View file

@ -17,7 +17,7 @@ block content
) )
input(type="hidden", name="_csrf", value=csrfToken) input(type="hidden", name="_csrf", value=csrfToken)
.alert.alert-success(ng-show="passwordResetForm.response.success") .alert.alert-success(ng-show="passwordResetForm.response.success")
| #{translate("password_has_been_reset")}. | #{translate("password_has_been_reset")}.
a(href='/login') #{translate("login_here")} a(href='/login') #{translate("login_here")}
div(ng-show="passwordResetForm.response.error == true") div(ng-show="passwordResetForm.response.error == true")
div(ng-switch="passwordResetForm.response.status") div(ng-switch="passwordResetForm.response.status")
@ -42,11 +42,12 @@ block content
autofocus, autofocus,
complex-password complex-password
) )
span.small.text-primary(ng-show="passwordResetForm.password.$error.complexPassword", ng-bind-html="complexPasswordErrorMessage") span.small.text-primary(ng-show="passwordResetForm.password.$error.complexPassword", ng-bind-html="complexPasswordErrorMessage")
input( input(
type="hidden", type="hidden",
name="passwordResetToken", name="passwordResetToken",
value=passwordResetToken value=passwordResetToken
ng-non-bindable
) )
.actions .actions
button.btn.btn-primary( button.btn.btn-primary(