Merge pull request #2351 from mabashian/2301-xss

Rolls back changes to the xss filter.  Addresses escaped characters in cred tags.

awx/ui/client/features/output/details.component.js

@@ -417,7 +417,7 @@ function buildCredentialDetails (credential) {
     const icon = `${credential.kind}`;
     const link = `/#/credentials/${credential.id}`;
     const tooltip = strings.get('tooltips.CREDENTIAL');
-    const value = $filter('sanitize')(credential.name);
+    const value = credential.name;
 
     return { icon, link, tooltip, value };
 }

awx/ui/client/features/templates/templatesList.controller.js

@@ -170,10 +170,10 @@ function ListTemplatesController(
             const icon = `${credential.kind}`;
             const link = `/#/credentials/${credential.id}`;
             const tooltip = strings.get('tooltips.VIEW_THE_CREDENTIAL');
-            const value = $filter('sanitize')(credential.name);
+            const value = credential.name;
 
             return { icon, link, tooltip, value };
-        })
+        });
     };
 
     vm.getLastRan = template => {

awx/ui/client/src/shared/filters/xss-sanitizer.filter.js

@@ -6,7 +6,7 @@
 
  export default [function() {
      return function(input) {
-         input = $("<span>").text(input)[0].textContent;
+         input = $("<span>").text(input)[0].innerHTML;
          return input;
      };
  }];

awx/ui/test/spec/shared/filters/xss-sanitizer.filter-test.js

@@ -12,6 +12,6 @@ describe('Filter: sanitize', () => {
     });
 
     it('should sanitize xss-vulnerable strings', function(){
-      expect(filter("<div>foobar</div>")).toBe("<div>foobar</div>");
+      expect(filter("<div>foobar</div>")).toBe("&lt;div&gt;foobar&lt;/div&gt;");
     });
 });