From aa5d7227e3678051fa989b223539cc60dbb2a041 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicol=C3=A1s=20Bevacqua?= Date: Tue, 28 Jun 2016 16:44:18 -0300 Subject: [PATCH 1/3] [fix] Fixed scripting issues due to improperly encoded kibana payload. Former-commit-id: 08a6f401666c96580d3dbb63cb620a6a641176a3 --- src/ui/views/chrome.jade | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/ui/views/chrome.jade b/src/ui/views/chrome.jade index 646b9bd329a45..357258de1b435 100644 --- a/src/ui/views/chrome.jade +++ b/src/ui/views/chrome.jade @@ -1,5 +1,11 @@ -- var j = function (o) { return JSON.stringify(o); } -- var appName = 'kibana'; +- + var appName = 'kibana'; + + function encoded (data) { + var scriptend = /\<\s*\/\s*script\s*>/ig; + var concatend = ''; + return JSON.stringify(data).replace(scriptend, concatend); + } block vars @@ -12,5 +18,5 @@ html(lang='en') title Kibana block head body(kbn-chrome, id='#{appName}-body') - script window.__KBN__ = !{j(kibanaPayload)}; + script window.__KBN__ = !{encoded(kibanaPayload)}; block content From fcd369f21b05711490d42563f04dee9db9c21bfa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicol=C3=A1s=20Bevacqua?= Date: Tue, 28 Jun 2016 17:46:50 -0300 Subject: [PATCH 2/3] [fix] Switch to attribute-encoding Former-commit-id: 2cdb0f9148ad14a0061376e989f1d2343dde93a5 --- src/ui/public/metadata.js | 8 +++----- src/ui/views/chrome.jade | 8 +------- 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/src/ui/public/metadata.js b/src/ui/public/metadata.js index 0b3897bb28e16..af93aeb616ed8 100644 --- a/src/ui/public/metadata.js +++ b/src/ui/public/metadata.js @@ -1,11 +1,9 @@ +import $ from 'jquery'; import _ from 'lodash'; -// singleton for immutable copy of window.__KBN__ -if (!_.has(window, '__KBN__')) { - throw new Error('window.__KBN__ must be set for metadata'); -} +const state = $('[kbn-initial-state]').attr('kbn-initial-state'); +const kbn = window.__KBN__ = JSON.parse(state); -const kbn = _.cloneDeep(window.__KBN__ || {}); export default deepFreeze(kbn); function deepFreeze(object) { diff --git a/src/ui/views/chrome.jade b/src/ui/views/chrome.jade index 357258de1b435..6091b440a54a4 100644 --- a/src/ui/views/chrome.jade +++ b/src/ui/views/chrome.jade @@ -1,12 +1,6 @@ - var appName = 'kibana'; - function encoded (data) { - var scriptend = /\<\s*\/\s*script\s*>/ig; - var concatend = ''; - return JSON.stringify(data).replace(scriptend, concatend); - } - block vars doctype html @@ -18,5 +12,5 @@ html(lang='en') title Kibana block head body(kbn-chrome, id='#{appName}-body') - script window.__KBN__ = !{encoded(kibanaPayload)}; + meta(kbn-initial-state=JSON.stringify(kibanaPayload)) block content From 2b167c7104ab043a2cd1dd492ffe356293a26a68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicol=C3=A1s=20Bevacqua?= Date: Tue, 28 Jun 2016 17:53:25 -0300 Subject: [PATCH 3/3] [fix] Get rid of in favor of directive-style element. Former-commit-id: e33fa407aeee2c04d65d5b308e355ebda14a22e5 --- src/ui/public/metadata.js | 2 +- src/ui/views/chrome.jade | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ui/public/metadata.js b/src/ui/public/metadata.js index af93aeb616ed8..4f8103221e109 100644 --- a/src/ui/public/metadata.js +++ b/src/ui/public/metadata.js @@ -1,7 +1,7 @@ import $ from 'jquery'; import _ from 'lodash'; -const state = $('[kbn-initial-state]').attr('kbn-initial-state'); +const state = $('kbn-initial-state').attr('data'); const kbn = window.__KBN__ = JSON.parse(state); export default deepFreeze(kbn); diff --git a/src/ui/views/chrome.jade b/src/ui/views/chrome.jade index 6091b440a54a4..45f42d1086a07 100644 --- a/src/ui/views/chrome.jade +++ b/src/ui/views/chrome.jade @@ -12,5 +12,5 @@ html(lang='en') title Kibana block head body(kbn-chrome, id='#{appName}-body') - meta(kbn-initial-state=JSON.stringify(kibanaPayload)) + kbn-initial-state(data=JSON.stringify(kibanaPayload)) block content