Commit 337fc3e6 authored by ginkgofjg's avatar ginkgofjg

CRM-16995: Addressed XSS vulnerability.

parent 6c0a137b
......@@ -109,9 +109,12 @@ class Main extends \CRM_Core_Page {
}
}
// Set the location hash so that Angular knows which page it is trying to load.
$route = \CRM_Utils_Request::retrieve('route', 'String');
$this->assign("route", $route);
// If trying to load an Angular page via AJAX, the route must be passed as a
// URL parameter, since PHP doesn't know about URL fragments (i.e, what
// comes after the #).
\CRM_Core_Resources::singleton()->addSetting(array(
'angularRoute' => \CRM_Utils_Request::retrieve('route', 'String'),
));
}
}
{if $route}
<script type="text/javascript">
location.hash = '{$route}';
</script>
{/if}
{literal}
<script type="text/javascript">
if (CRM.hasOwnProperty('angularRoute') && CRM.angularRoute) {
location.hash = CRM.angularRoute;
}
</script>
<div ng-app="crmApp">
<div ng-view></div>
</div>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment