This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push: new b38fd52 Improved: Fix OFBiz specific Javascript security issues reported by GH CodeQL (OFBIZ-12366)
b38fd52 is described below
commit b38fd52e1fa66d685a3f2203d0e3dc7421df4d57
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Thu Nov 11 07:46:20 2021 +0100
Improved: Fix OFBiz specific Javascript security issues reported by GH CodeQL (OFBIZ-12366)
Reassures CodeQL that all is correct, even if it was already OK
---
themes/common-theme/webapp/common/js/util/OfbizUtil.js | 2 +-
themes/common-theme/webapp/common/js/util/fieldlookup.js | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/themes/common-theme/webapp/common/js/util/OfbizUtil.js b/themes/common-theme/webapp/common/js/util/OfbizUtil.js
index 41e11bd..d7e4cc2 100644
--- a/themes/common-theme/webapp/common/js/util/OfbizUtil.js
+++ b/themes/common-theme/webapp/common/js/util/OfbizUtil.js
@@ -879,7 +879,7 @@ function ajaxAutoCompleter(areaCsvString, showDescription, defaultMinLength, def
 var queryArgs = {"term": request.term};
 if (typeof args == "object" && jQuery.isArray(args)) {
 for (var i = 0; i < args.length; i++) {
- queryArgs["parm" + i] = DOMPurify.sanitize(jQuery(args[i]).val())
+ queryArgs["parm" + i] = jQuery(DOMPurify.sanitize(args[i]).val()
 }
 }
 jQuery.ajax({
diff --git a/themes/common-theme/webapp/common/js/util/fieldlookup.js b/themes/common-theme/webapp/common/js/util/fieldlookup.js
index 677f52b..f6a0a9c 100644
--- a/themes/common-theme/webapp/common/js/util/fieldlookup.js
+++ b/themes/common-theme/webapp/common/js/util/fieldlookup.js
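Review bot: The added line in the OfbizUtil.js hunk has unbalanced parentheses — `jQuery(DOMPurify.sanitize(args[i]).val()` opens three and closes two — so the file no longer parses and ajaxAutoCompleter (whose body starts and ends outside this hunk) is broken along with every script loaded after it. The fieldlookup.js hunk shows the intended shape; the line should read `queryArgs["parm" + i] = jQuery(DOMPurify.sanitize(args[i])).val();`. Separately, the rewrite moves sanitization from the value that is sent in the request to the selector/element reference passed to jQuery, so the transmitted value is now whatever `.val()` returns, unsanitized on the client; that is acceptable only if the server side validates these parameters, which this hunk cannot show. If callers ever pass a live DOM element rather than a selector string in `args`, DOMPurify.sanitize would presumably return an HTML string and jQuery would build a detached copy whose `.val()` may not reflect the current input — worth confirming against the callers before relying on this form in both files.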
@@ -304,7 +304,7 @@ var Lookup = function(options) {
 var queryArgs = "presentation=" + options.presentation;
 if (typeof options.args == "object" && jQuery.isArray(options.args)) {
 for ( var i = 0; i < options.args.length; i++) {
- queryArgs += DOMPurify.sanitize("&parm" + i + "=" + jQuery(options.args[i]).val());
+ queryArgs += "&parm" + i + "=" + jQuery(DOMPurify.sanitize(options.args[i])).val();
 }
 }