From 9d5693ff2de8e50f62ec3b5496ac377944c9c9fa Mon Sep 17 00:00:00 2001
From: Ken Hoes <khoes@ansible.com>
Date: Wed, 13 Jul 2016 10:42:09 -0400
Subject: [PATCH 1/2] Sanitizing name in popup

---
 awx/ui/client/src/inventories/list/inventory-list.controller.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/ui/client/src/inventories/list/inventory-list.controller.js b/awx/ui/client/src/inventories/list/inventory-list.controller.js
index e57a7beb32..142e7eff53 100644
--- a/awx/ui/client/src/inventories/list/inventory-list.controller.js
+++ b/awx/ui/client/src/inventories/list/inventory-list.controller.js
@@ -197,7 +197,7 @@ function InventoriesList($scope, $rootScope, $location, $log,
                     ". Click for details\" aw-tip-placement=\"top\"><i class=\"fa icon-job-" + row.status + "\"></i></a></td>\n";
                 html += "<td>" + ($filter('longDate')(row.finished)).replace(/ /,'<br />') + "</td>";
                 html += "<td><a href=\"#/jobs/" + row.id + "\" " + "aw-tool-tip=\"" + row.status.charAt(0).toUpperCase() + row.status.slice(1) +
-                    ". Click for details\" aw-tip-placement=\"top\">" + ellipsis(row.name) + "</a></td>";
+                    ". Click for details\" aw-tip-placement=\"top\">" + $filter('sanitize')(ellipsis(row.name)) + "</a></td>";
                 html += "</tr>\n";
             });
             html += "</tbody>\n";

From 53492f3fa1346f33b8f48a2b51c2ac587a68e4a2 Mon Sep 17 00:00:00 2001
From: Ken Hoes <khoes@ansible.com>
Date: Wed, 13 Jul 2016 15:33:24 -0400
Subject: [PATCH 2/2] Added sanitize filter to other name instances

---
 .../client/src/inventories/list/inventory-list.controller.js  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/awx/ui/client/src/inventories/list/inventory-list.controller.js b/awx/ui/client/src/inventories/list/inventory-list.controller.js
index 142e7eff53..a5d2b00a01 100644
--- a/awx/ui/client/src/inventories/list/inventory-list.controller.js
+++ b/awx/ui/client/src/inventories/list/inventory-list.controller.js
@@ -232,14 +232,14 @@ function InventoriesList($scope, $rootScope, $location, $log,
                 html += "<tr>";
                 html += `<td><a href="" ng-click="viewJob('${row.related.last_update}')" aw-tool-tip="${row.status.charAt(0).toUpperCase() + row.status.slice(1)}. Click for details" aw-tip-placement="top"><i class="SmartStatus-tooltip--${row.status} fa icon-job-${row.status}"></i></a></td>`;
                 html += "<td>" + ($filter('longDate')(row.last_updated)).replace(/ /,'<br />') + "</td>";
-                html += "<td><a href=\"\" ng-click=\"viewJob('" + row.related.last_update + "')\">" + ellipsis(row.summary_fields.group.name) + "</a></td>";
+                html += "<td><a href=\"\" ng-click=\"viewJob('" + row.related.last_update + "')\">" + $filter('sanitize')(ellipsis(row.summary_fields.group.name)) + "</a></td>";
                 html += "</tr>\n";
             }
             else {
                 html += "<tr>";
                 html += "<td><a href=\"\" aw-tool-tip=\"No sync data\" aw-tip-placement=\"top\"><i class=\"fa icon-job-none\"></i></a></td>";
                 html += "<td>NA</td>";
-                html += "<td><a href=\"\">" + ellipsis(row.summary_fields.group.name) + "</a></td>";
+                html += "<td><a href=\"\">" + $filter('sanitize')(ellipsis(row.summary_fields.group.name)) + "</a></td>";
                 html += "</tr>\n";
             }
         });