shaba/awx
1
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2024-10-31 23:51:09 +03:00
Code Releases Activity

Merge pull request #2175 from marshmalien/fix/1496-inconsistent-ui-character-escaping

Browse Source 
Use textContent property instead of innerHTML within sanitize filter
This commit is contained in:
Marliana Lara 2018-06-18 13:37:36 -04:00 committed by GitHub
commit 4b59628075
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
awx/ui/client/features/output/details.component.js
View File

@ -289,7 +289,7 @@ function getProjectDetails () {
const label = strings.get('labels.PROJECT');
const link = `/#/projects/${project.id}`;
const value = $filter('sanitize')(project.name);
const value = project.name;
const tooltip = strings.get('tooltips.PROJECT');
return { label, link, value, tooltip };

2
awx/ui/client/src/shared/filters/xss-sanitizer.filter.js
View File

@ -6,7 +6,7 @@
export default [function() {
return function(input) {
input = $("<span>").text(input)[0].innerHTML;
input = $("<span>").text(input)[0].textContent;
return input;
};
}];

2
awx/ui/test/spec/shared/filters/xss-sanitizer.filter-test.js
View File

@ -12,6 +12,6 @@ describe('Filter: sanitize', () => {
});
it('should sanitize xss-vulnerable strings', function(){
expect(filter("<div>foobar</div>")).toBe("&lt;div&gt;foobar&lt;/div&gt;");
expect(filter("<div>foobar</div>")).toBe("<div>foobar</div>");
});
});