From 9a73d9c61663c55f4d7deb55a282aba7c3db3ac0 Mon Sep 17 00:00:00 2001
From: Marliana Lara
Date: Thu, 14 Jun 2018 16:07:46 -0400
Subject: [PATCH 1/2] Use textContent property instead of innerHTML in sanitize filter

---
 awx/ui/client/features/output/details.component.js | 2 +-
 awx/ui/client/src/shared/filters/xss-sanitizer.filter.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/awx/ui/client/features/output/details.component.js b/awx/ui/client/features/output/details.component.js
index 310a8d0f31..8606cec201 100644
--- a/awx/ui/client/features/output/details.component.js
+++ b/awx/ui/client/features/output/details.component.js
@@ -289,7 +289,7 @@ function getProjectDetails () {
 const label = strings.get('labels.PROJECT');
 const link = `/#/projects/${project.id}`;
- const value = $filter('sanitize')(project.name);
+ const value = project.name;
 const tooltip = strings.get('tooltips.PROJECT');
 return { label, link, value, tooltip };
diff --git a/awx/ui/client/src/shared/filters/xss-sanitizer.filter.js b/awx/ui/client/src/shared/filters/xss-sanitizer.filter.js
index ef1c16d32d..893e5950c1 100644
--- a/awx/ui/client/src/shared/filters/xss-sanitizer.filter.js
+++ b/awx/ui/client/src/shared/filters/xss-sanitizer.filter.js
@@ -6,7 +6,7 @@ export default [function() {
 return function(input) {
- input = $("").text(input)[0].innerHTML;
+ input = $("").text(input)[0].textContent;
 return input;
 };
 }];
From 2a52dceb1ab89a044554d84231e901667bf31dd8 Mon Sep 17 00:00:00 2001
From: Marliana Lara
Date: Fri, 15 Jun 2018 11:40:49 -0400
Subject: [PATCH 2/2] Update sanitize filter test

---
 awx/ui/test/spec/shared/filters/xss-sanitizer.filter-test.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/ui/test/spec/shared/filters/xss-sanitizer.filter-test.js b/awx/ui/test/spec/shared/filters/xss-sanitizer.filter-test.js
index 2f4db9df83..8f15da162f 100644
--- a/awx/ui/test/spec/shared/filters/xss-sanitizer.filter-test.js
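Review bot: With `const value = project.name;` the project name reaches the view without any escaping step in this function, which is only safe if the template binds `value` through an escaping binding (`{{ }}` / `ng-bind`); the template is not part of this diff, so please confirm `value` is never rendered via `ng-bind-html` or assigned to `innerHTML`. Because the `sanitize` filter now returns its input unchanged (see the next hunk), dropping the call here is behaviour-neutral today, but a short comment would keep the next maintainer from switching the binding: `// project.name is user-controlled: keep it on a text binding, never ng-bind-html`. getProjectDetails starts before this hunk, and the hunk appears to have lost a blank context line when the patch was collapsed onto one line.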
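Review bot: Reading `textContent` back from an element whose text was just set with `.text(input)` yields the input unchanged, so a filter still named `sanitize` no longer escapes anything — `<div>foobar</div>` comes back verbatim — and any remaining caller that pipes its output into `ng-bind-html` or `$sce.trustAsHtml` silently loses the escaping it relied on. Either retire or rename the filter, or state the new contract at the top of the returned function: `// Returns the input as plain text (string-coerced); it is NOT HTML-escaped — rely on Angular's escaping bindings instead.` This commit removes only one call site; others, if any, are outside this diff and should be audited before merging. The selector prints as `$("")` on this page, which looks like a rendering artefact of a `<div>` tag; with a genuinely empty selector `[0]` would be `undefined` and the filter would throw.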
+++ b/awx/ui/test/spec/shared/filters/xss-sanitizer.filter-test.js
@@ -12,6 +12,6 @@ describe('Filter: sanitize', () => {
 });
 it('should sanitize xss-vulnerable strings', function(){
- expect(filter("
foobar
")).toBe("<div>foobar</div>"); + expect(filter("
foobar
")).toBe("
foobar
"); }); });
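Review bot: The test is still titled `it('should sanitize xss-vulnerable strings', ...)` while its new expectation asserts that the filter returns the `<div>foobar</div>` input unchanged, so the name now contradicts what is verified and will mislead a reader into believing HTML escaping is covered. Rename it to match the new contract, e.g. `it('should return the input unchanged without HTML escaping', function(){`. The string literals in this hunk appear garbled on this page (the tags were rendered rather than shown), so the exact expected values should be confirmed against the repository rather than read from here.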