From ca64630740a6c5456c1c197ed26938c7ce28e847 Mon Sep 17 00:00:00 2001
From: Jake McDermott
Date: Tue, 29 Jan 2019 09:35:57 -0500
Subject: [PATCH] sanitize reflected user input on job details page

This makes sure we're applying the 'sanitize' filter to reflected user input for some of the new information we're displaying on the job details page.
---
 awx/ui/client/features/output/details.component.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/awx/ui/client/features/output/details.component.js b/awx/ui/client/features/output/details.component.js
index 3cece3143a..2cf97746ff 100644
--- a/awx/ui/client/features/output/details.component.js
+++ b/awx/ui/client/features/output/details.component.js
@@ -114,13 +114,14 @@ function getVerbosityDetails () {
 }
 function getEnvironmentDetails (virtualenv) {
- const value = virtualenv || resource.model.get('custom_virtualenv');
+ const customVirtualenv = virtualenv || resource.model.get('custom_virtualenv');
- if (!value || value === '') {
+ if (!customVirtualenv || customVirtualenv === '') {
 return null;
 }
 const label = strings.get('labels.ENVIRONMENT');
+ const value = $filter('sanitize')(customVirtualenv);
 return { label, value };
 }
@@ -345,6 +346,7 @@ function getInventoryScmDetails (updateId, updateStatus) {
 const link = `/#/projects/${projectId}`;
 const jobTooltip = strings.get('tooltips.INVENTORY_SCM_JOB');
 const tooltip = strings.get('tooltips.INVENTORY_SCM');
+ const value = $filter('sanitize')(projectName);
 let icon;
@@ -354,7 +356,7 @@ function getInventoryScmDetails (updateId, updateStatus) {
 icon = `fa icon-job-${status}`;
 }
- return { label, link, icon, jobLink, jobTooltip, tooltip, value: projectName };
+ return { label, link, icon, jobLink, jobTooltip, tooltip, value };
 }
 function getSCMRevisionDetails () {
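Review bot: The added `const value = $filter('sanitize')(customVirtualenv);` in getEnvironmentDetails carries no comment explaining why this field is filtered, so the next detail getter added to this component can easily omit the same step. I would put `// value reaches the details template as markup; sanitize anything that originates from user input` above it. Neither the template nor the filter is visible in this patch, so confirm how `value` is bound: if it is interpolated as plain text, the filter's output may show up as escaped entities. Separately, the guard `!customVirtualenv || customVirtualenv === ''` is redundant because an empty string is already falsy; `if (!customVirtualenv) {` is equivalent.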
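Review bot: In getInventoryScmDetails only `projectName` is passed through the sanitize filter, while the `link` on the context line just above is still built by interpolating `projectId` directly into the `/#/projects/` URL. `projectId` is assigned outside this hunk, so this is fine if it is always the numeric id returned by the API; if that is not guaranteed, wrapping it as `encodeURIComponent(projectId)` inside the template literal keeps the href well-formed. `jobLink`, returned by the last hunk, is also built outside the visible lines and deserves the same check. A short comment next to `const value = $filter('sanitize')(projectName);` stating that the project name is user-controlled would record why the filter is there.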