From 6953c561e4ec65728fd9c35f5d4840a32a3ad4ba Mon Sep 17 00:00:00 2001
From: Tiago Melo <tspmelo@gmail.com>
Date: Fri, 3 Aug 2018 18:47:59 +0100
Subject: [PATCH] mgr/dashboard: Escape regex pattern in DeletionModalComponent

Fixes: http://tracker.ceph.com/issues/24902

Signed-off-by: Tiago Melo <tmelo@suse.com>
---
 .../deletion-modal/deletion-modal.component.html          | 2 +-
 .../deletion-modal/deletion-modal.component.spec.ts       | 8 ++++++++
 .../components/deletion-modal/deletion-modal.component.ts | 4 ++++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/deletion-modal/deletion-modal.component.html b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/deletion-modal/deletion-modal.component.html
index 365686522c5b2..ca2f4ca5138de 100644
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/deletion-modal/deletion-modal.component.html
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/deletion-modal/deletion-modal.component.html
@@ -30,7 +30,7 @@
                  name="confirmation"
                  id="confirmation"
                  [placeholder]="pattern"
-                 [pattern]="pattern"
+                 [pattern]="escapeRegExp(pattern)"
                  autocomplete="off"
                  (keyup)="updateConfirmation($event)"
                  formControlName="confirmation"
diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/deletion-modal/deletion-modal.component.spec.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/deletion-modal/deletion-modal.component.spec.ts
index 8bb94293eabde..e1abdb037395a 100644
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/deletion-modal/deletion-modal.component.spec.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/deletion-modal/deletion-modal.component.spec.ts
@@ -286,6 +286,14 @@ describe('DeletionModalComponent', () => {
         testValidation(false, undefined, false);
         testValidation(true, undefined, false);
       });
+
+      it('should test regex pattern', () => {
+        component.pattern = 'a+b';
+        changeValue('ab');
+        testValidation(false, 'pattern', true);
+        changeValue('a+b');
+        testValidation(false, 'pattern', false);
+      });
     });
 
     describe('deletion call', () => {
diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/deletion-modal/deletion-modal.component.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/deletion-modal/deletion-modal.component.ts
index caf9d08b38f05..4eaab36065006 100644
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/deletion-modal/deletion-modal.component.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/deletion-modal/deletion-modal.component.ts
@@ -93,4 +93,8 @@ export class DeletionModalComponent implements OnInit {
   stopLoadingSpinner() {
     this.deletionForm.setErrors({ cdSubmitButton: true });
   }
+
+  escapeRegExp(text) {
+    return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+  }
 }
-- 
2.39.5