shaba/awx
1
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2024-11-01 16:51:11 +03:00
Code Releases Activity

Merge pull request #625 from jlmitch5/fixXSS

Browse Source 
fix xss vulnerabilities
This commit is contained in:
John Mitchell 2018-02-01 11:49:35 -05:00 committed by GitHub
commit 7e400413db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
awx/ui/client/src/inventories-hosts/shared/factories/set-status.factory.js
View File

@ -60,7 +60,7 @@ export default
html += "<td class=\"break\"><a href=\"#/jobs/" + job.id + "\" " +
"aw-tool-tip=\"" + job.status.charAt(0).toUpperCase() + job.status.slice(1) +
". Click for details\" data-placement=\"top\">" + ellipsis(job.name) + "</a></td>\n";
". Click for details\" data-placement=\"top\">" + $filter('sanitize')(ellipsis(job.name)) + "</a></td>\n";
html += "</tr>\n";
}

8
awx/ui/client/src/scheduler/schedulerList.controller.js
View File

@ -12,10 +12,10 @@
export default [
'$scope', '$location', '$stateParams', 'ScheduleList', 'Rest',
'$filter', '$scope', '$location', '$stateParams', 'ScheduleList', 'Rest',
'rbacUiControlService',
'ToggleSchedule', 'DeleteSchedule', '$q', '$state', 'Dataset', 'ParentObject', 'UnifiedJobsOptions',
function($scope, $location, $stateParams,
function($filter, $scope, $location, $stateParams,
ScheduleList, Rest,
rbacUiControlService,
ToggleSchedule, DeleteSchedule,
@ -90,7 +90,7 @@ export default [
schedule.status_tip = 'Schedule is stopped. Click to activate.';
}
schedule.nameTip = schedule.name;
schedule.nameTip = $filter('sanitize')(schedule.name);
// include the word schedule if the schedule name does not include the word schedule
if (schedule.name.indexOf("schedule") === -1 && schedule.name.indexOf("Schedule") === -1) {
schedule.nameTip += " schedule";
@ -99,7 +99,7 @@ export default [
if (job.name.indexOf("job") === -1 && job.name.indexOf("Job") === -1) {
schedule.nameTip += "job ";
}
schedule.nameTip += job.name;
schedule.nameTip += $filter('sanitize')(job.name);
schedule.nameTip += ". Click to edit schedule.";
}