fix 1238: Provide known ip-address, mac-address at created vnf
[osm/NBI.git] / osm_nbi / html_out.py
index 82362ec..316e15b 100644 (file)
@@ -26,7 +26,8 @@ html_start = """
 <html>
 <head>
   <link href="/osm/static/style.css" rel="stylesheet">
-<title>Welcome to OSM</title>
+  <title>Welcome to OSM</title>
+  <link rel="shortcut icon" href="/osm/static/favicon.ico">
 </head>
 <body>
   <div id="osm_topmenu">
@@ -48,6 +49,7 @@ html_start = """
       <a href="/osm/admin/v1/sdns">SDNs </a>
       <a href="/osm/admin/v1/k8sclusters">K8s_clusters </a>
       <a href="/osm/admin/v1/k8srepos">K8s_repos </a>
+      <a href="/osm/nslcm/v1/subscriptions">NS_Subs </a>
       <a href="/osm/admin/v1/tokens?METHOD=DELETE">logout </a>
     </div>
   </div>
@@ -71,6 +73,7 @@ html_auth2 = """
 <head><META http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <link href="/osm/static/style.css" rel="stylesheet">
   <title>OSM Login</title>
+  <link rel="shortcut icon" href="/osm/static/favicon.ico">
 </head>
 <body>
   <div id="osm_header">
@@ -150,9 +153,11 @@ def format(data, request, response, toke_info):
             return html_auth2.format(error=data)
     if request.path_info in ("/version", "/system"):
         return "<pre>" + yaml.safe_dump(data, explicit_start=False, indent=4, default_flow_style=False) + "</pre>"
-    body = html_body.format(item=request.path_info)
+    body = html_body.format(item=html_escape(request.path_info))
     if response.status and response.status > 202:
-        body += html_body_error.format(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False))
+        # input request.path_info (URL) can contain XSS that are translated into output error detail
+        body += html_body_error.format(html_escape(
+            yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)))
     elif isinstance(data, (list, tuple)):
         if request.path_info == "/vnfpkgm/v1/vnf_packages":
             body += html_upload_body.format(request.path_info + "_content", "VNFD")
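Review bot: The login-error return at the top of this hunk, `return html_auth2.format(error=data)`, still writes `data` into the page unescaped; the commit escapes only `request.path_info` and the YAML error detail. If that error text can carry request-derived values (not visible here), it is the same reflected-XSS sink. Consider `return html_auth2.format(error=html_escape(str(data)))`, assuming `html_escape` is the stdlib `html.escape` imported outside this hunk. The `<pre>` branch for `/version` and `/system` also emits `yaml.safe_dump(...)` raw, which is safe only while that data is purely server-generated. `format()` starts and continues outside the hunk, so the list/dict rendering branches that follow should get the same check.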