From ab126b1040313e2890505d9acf71561344fc770c Mon Sep 17 00:00:00 2001
From: Akita Noek
Date: Fri, 3 Jun 2016 14:50:35 -0400
Subject: [PATCH 1/2] Fixed XSS for project and jt scheduling #2148
---
 awx/ui/client/src/scheduler/scheduler.controller.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/awx/ui/client/src/scheduler/scheduler.controller.js b/awx/ui/client/src/scheduler/scheduler.controller.js
index 491465e5e8..0df2efba1f 100644
--- a/awx/ui/client/src/scheduler/scheduler.controller.js
+++ b/awx/ui/client/src/scheduler/scheduler.controller.js
@@ -55,8 +55,8 @@ export default [
 schedList.well = true;
 // include name of item in listTitle
- schedList.listTitle = title ? title : parentObject.name;
- schedList.listTitle = `${schedList.listTitle}
Schedules`;
+ let escaped_title = $("").text(title ? title : parentObject.name)[0].innerHTML
+ schedList.listTitle = `${escaped_title}
Schedules`;
 schedList.basePath = parentObject.url + "schedules";
From 7a7e894d2b9150730c6d46199b86e489c2a2d9ec Mon Sep 17 00:00:00 2001
From: Akita Noek
Date: Fri, 3 Jun 2016 14:52:42 -0400
Subject: [PATCH 2/2] jshint
---
 awx/ui/client/src/scheduler/scheduler.controller.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/awx/ui/client/src/scheduler/scheduler.controller.js b/awx/ui/client/src/scheduler/scheduler.controller.js
index 0df2efba1f..7e2ef3539d 100644
--- a/awx/ui/client/src/scheduler/scheduler.controller.js
+++ b/awx/ui/client/src/scheduler/scheduler.controller.js
@@ -55,7 +55,7 @@ export default [
 schedList.well = true;
 // include name of item in listTitle
- let escaped_title = $("").text(title ? title : parentObject.name)[0].innerHTML
+ let escaped_title = $("").text(title ? title : parentObject.name)[0].innerHTML;
 schedList.listTitle = `${escaped_title}
Schedules`;
 schedList.basePath = parentObject.url + "schedules";
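Review bot: The escaping on the `escaped_title` line (added in PATCH 1/2, kept by PATCH 2/2 with only the semicolon added) is safe for HTML element content only: serialising a text node through `.innerHTML` encodes `&`, `<` and `>` but leaves quotes and `{{ }}` interpolation markers as they are. That matches the position the value takes in the `listTitle` template literal, but how `listTitle` is rendered is not visible here; if it is compiled as an AngularJS template, the consumer should bind the name as text rather than rely on this escaping. I would move the idiom into a shared, named helper and state the contract at the call site, e.g. `// HTML-escape the name: listTitle is inserted as markup and item names are user-supplied`, so other titles built from `parentObject.name` get the same treatment. A regression test with a name containing markup would pin the fix. The enclosing function starts and ends outside the hunk.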