diff --git a/awx/ui/client/src/widgets/Stream.js b/awx/ui/client/src/widgets/Stream.js
index 60f3bd6cc0..4a8c6aeb61 100644
--- a/awx/ui/client/src/widgets/Stream.js
+++ b/awx/ui/client/src/widgets/Stream.js
@@ -22,11 +22,11 @@ angular.module('StreamWidget', ['RestServices', 'Utilities', 'StreamListDefiniti
'RefreshHelper', listGenerator.name, 'StreamWidget',
])
-.factory('BuildAnchor', [ '$log',
+.factory('BuildAnchor', [ '$log', '$filter',
// Returns a full resource_name HTML string if link can be derived from supplied context
// returns name of resource if activity stream object doesn't contain enough data to build a UI url
// arguments are: a summary_field object, a resource type, an activity stream object
- function ($log) {
+ function ($log, $filter) {
return function (obj, resource, activity) {
var url = '/#/';
// try/except pattern asserts that:
@@ -75,11 +75,11 @@ angular.module('StreamWidget', ['RestServices', 'Utilities', 'StreamListDefiniti
default:
url += resource + 's/' + obj.id + '/';
}
- return ' ' + (obj.name || obj.username) + ' ';
+ return ' ' + $filter('sanitize')(obj.name || obj.username) + ' ';
}
catch(err){
$log.debug(err);
- return ' ' + (obj.name || obj.username || '') + ' ';
+ return ' ' + $filter('sanitize')(obj.name || obj.username || '') + ' ';
}
};
}