Force all columns in any declared DataTable to render using the DataTables render.text() function, to prevent possible XSS (very low risk, since it requires an authenticated dashboard anyway).

Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Adam Warner
2021-10-27 19:21:49 +01:00
parent ae17a48bf7
commit 0e483a8eea
11 changed files with 78 additions and 10 deletions


@@ -216,7 +216,13 @@ $(function () {
if (document.getElementById("DHCPLeasesTable")) {
leasetable = $("#DHCPLeasesTable").DataTable({
dom: "<'row'<'col-sm-12'tr>><'row'<'col-sm-6'i><'col-sm-6'f>>",
columnDefs: [{ bSortable: false, orderable: false, targets: -1 }],
columnDefs: [
{ bSortable: false, orderable: false, targets: -1 },
{
targets: "_all",
render: $.fn.dataTable.render.text(),
},
],
paging: false,
scrollCollapse: true,
scrollY: "200px",
@@ -235,7 +241,13 @@ $(function () {
if (document.getElementById("DHCPStaticLeasesTable")) {
staticleasetable = $("#DHCPStaticLeasesTable").DataTable({
dom: "<'row'<'col-sm-12'tr>><'row'<'col-sm-12'i>>",
columnDefs: [{ bSortable: false, orderable: false, targets: -1 }],
columnDefs: [
{ bSortable: false, orderable: false, targets: -1 },
{
targets: "_all",
render: $.fn.dataTable.render.text(),
},
],
paging: false,
scrollCollapse: true,
scrollY: "200px",
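Review bot: The new `targets: "_all"` entry also covers the last column, which the first entry (`targets: -1`) marks as non-sortable in both DHCPLeasesTable and DHCPStaticLeasesTable; the second hunk has the same shape as the first. If that column carries action markup such as a button (inferred, since the table HTML is not in the hunk), `render.text()` would escape it and show the tags as literal text. Scoping the text renderer to the data columns, e.g. `targets: [/* data column indices */]`, avoids that, and any column that must keep markup then needs its values encoded where the rows are generated. Because the same two-entry `columnDefs` array is repeated per table, a small helper returning it, with a comment such as `// Escape cell content on display; server-side output encoding remains the primary XSS control`, would keep the tables consistent. The enclosing `$(function () {` block starts and ends outside both hunks.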