M #-: sanitize tags in handlebars forms (#4172)

Signed-off-by: Jorge Lobo <jlobo@opennebula.systems>
(cherry picked from commit dc5bcaa95a94f20fa2df08616e0b049571a4ec3a)

src/sunstone/public/app/tabs/users-tab/panels/info-common.js

@@ -77,14 +77,14 @@ define(function(require) {
     var templateTableHTML = TemplateTable.html(strippedTemplate, RESOURCE,
                                               Locale.tr("Attributes"));
     //====
-
-    return TemplateInfo({
+    render =  TemplateInfo({
       "element": this.element,
-      "sunstone_template": this.element.TEMPLATE.SUNSTONE||{},
+      "sunstone_template": this.element.TEMPLATE.SUNSTONE || {},
       "templateTableHTML": templateTableHTML,
       "tabId": this.tabId,
       "userCreationHTML": this.userCreation.html()
     });
+    return render;
   }
 
   function _setup(context) {

src/sunstone/public/app/templates/helpers/valOrDefault.js

@@ -17,6 +17,7 @@
 define(function(require) {
   var Handlebars = require('hbs/handlebars');
   var Locale = require('utils/locale');
+  var templateUtils = require("utils/template-utils");
 
   var valOrDefault = function(value, defaultValue, options) {
     var out;
@@ -24,7 +25,7 @@ define(function(require) {
     if (value == undefined || ($.isPlainObject(value) && $.isEmptyObject(value))){
         out = defaultValue;
     } else {
-        out = value;
+        out = templateUtils.removeHTMLTags(value);
     }
 
     return new Handlebars.SafeString(out);

src/sunstone/public/app/utils/template-utils.js

@@ -171,6 +171,14 @@ define(function(require) {
     return template_json;
   }
 
+  function _removeHTMLTags(string){
+    var rtn = string;
+    if(rtn){
+      rtn = string.replace(/<[^0-9\s=>]+>/g, '');
+    }
+    return rtn;
+  }
+
   return {
     "stringToTemplate": _convert_string_to_template,
     "templateToString": _convert_template_to_string,