use of org.opennms.netmgt.model.OnmsFilterFavorite in project opennms by OpenNMS.
the class FilterFavoriteServiceIT method verifyXSSPreventionOnCreate.
@Test
public void verifyXSSPreventionOnCreate() throws FilterFavoriteService.FilterFavoriteException {
final String maliciousName = "test<script>alert(123);</script>";
final String maliciousFilter = "filter=severity=6<script>alert(123);</script>";
for (Page page : Page.values()) {
// try to create malicious favorites
OnmsFilterFavorite favorite = service.createFavorite("ulf", maliciousName, maliciousFilter, page);
// verify that filter name and criteria are not vulnerable to xss
Assert.assertEquals(WebSecurityUtils.sanitizeString(maliciousName), favorite.getName());
Assert.assertEquals(WebSecurityUtils.sanitizeString(maliciousFilter), favorite.getFilter());
}
}
use of org.opennms.netmgt.model.OnmsFilterFavorite in project opennms by OpenNMS.
the class AlarmFilterController method index.
// index view
public ModelAndView index(HttpServletRequest request, HttpServletResponse response) throws Exception {
List<OnmsFilterFavorite> userFilterList = favoriteService.getFavorites(request.getRemoteUser(), OnmsFilterFavorite.Page.ALARM);
ModelAndView modelAndView = new ModelAndView("alarm/index");
modelAndView.addObject("favorites", userFilterList.toArray());
modelAndView.addObject("callback", getFilterCallback());
return modelAndView;
}
Aggregations