Werk #3297: Fixes possible XSS in views sidebar snapin

TitelFixes possible XSS in views sidebar snapin
Datum2016-03-21 10:25:07
Check_MK EditionCheck_MK Raw Edition (CRE)
Check_MK Version1.4.0i1,1.2.8b8
LevelTrivial Change
KlasseSecurity Fix
KompatibilitätKompatibel - benötigt kein manuelles Eingreifen

Authenticated and permitted users could create views using a topic which might contains HTML code, for example script tags, that where executed when having the view listed in the views snapin.

Making the JS code be executed by other users is only possible with view publish permissions which normally only admin users have.