From cbcc47010db2fc857018158282d3ab0418d1eba5 Mon Sep 17 00:00:00 2001
From: mabashian
Date: Thu, 28 Jun 2018 08:59:36 -0400
Subject: [PATCH 1/2] Rolls back changes to the xss filter. Removes unnecessary sanitize of credential names in tags
---
 awx/ui/client/features/output/details.component.js | 2 +-
 awx/ui/client/features/templates/templatesList.controller.js | 4 ++--
 awx/ui/client/src/shared/filters/xss-sanitizer.filter.js | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/awx/ui/client/features/output/details.component.js b/awx/ui/client/features/output/details.component.js
index 18a64c86ec..749903cd2a 100644
--- a/awx/ui/client/features/output/details.component.js
+++ b/awx/ui/client/features/output/details.component.js
@@ -409,7 +409,7 @@ function buildCredentialDetails (credential) {
 const icon = `${credential.kind}`;
 const link = `/#/credentials/${credential.id}`;
 const tooltip = strings.get('tooltips.CREDENTIAL');
- const value = $filter('sanitize')(credential.name);
+ const value = credential.name;
 return { icon, link, tooltip, value };
 }
diff --git a/awx/ui/client/features/templates/templatesList.controller.js b/awx/ui/client/features/templates/templatesList.controller.js
index ede54116c4..fe0a8d31af 100644
--- a/awx/ui/client/features/templates/templatesList.controller.js
+++ b/awx/ui/client/features/templates/templatesList.controller.js
@@ -170,10 +170,10 @@ function ListTemplatesController(
 const icon = `${credential.kind}`;
 const link = `/#/credentials/${credential.id}`;
 const tooltip = strings.get('tooltips.VIEW_THE_CREDENTIAL');
- const value = $filter('sanitize')(credential.name);
+ const value = credential.name;
 return { icon, link, tooltip, value };
- })
+ });
 };
 vm.getLastRan = template => {
diff --git a/awx/ui/client/src/shared/filters/xss-sanitizer.filter.js b/awx/ui/client/src/shared/filters/xss-sanitizer.filter.js
index 893e5950c1..ef1c16d32d 100644
--- a/awx/ui/client/src/shared/filters/xss-sanitizer.filter.js
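Review bot: `const value = credential.name;` in buildCredentialDetails now returns the raw name, so whether this is safe depends entirely on how the consuming template renders `value`, which is not visible in this hunk. If the tag is bound through Angular interpolation or `ng-bind`, the name is escaped at render time and the earlier filter call would only have double-encoded it; if any consumer passes it to `ng-bind-html` or concatenates it into markup, the removal reopens a stored-XSS path through credential names. I would record that contract next to the assignment, e.g. `// raw, unescaped name: bind with {{ }} / ng-bind only, never ng-bind-html`. The same applies to the identical change in the credential mapping in templatesList.controller.js. Both function bodies start outside their hunks.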
+++ b/awx/ui/client/src/shared/filters/xss-sanitizer.filter.js @@ -6,7 +6,7 @@ export default [function() { return function(input) { - input = $("").text(input)[0].textContent; + input = $("").text(input)[0].innerHTML; return input; }; }]; From b426eeeb5c821cf223ccc25a1693cf809ce92ddb Mon Sep 17 00:00:00 2001 From: mabashian Date: Thu, 28 Jun 2018 13:26:48 -0400 Subject: [PATCH 2/2] Rolls back xss filter test --- awx/ui/test/spec/shared/filters/xss-sanitizer.filter-test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/awx/ui/test/spec/shared/filters/xss-sanitizer.filter-test.js b/awx/ui/test/spec/shared/filters/xss-sanitizer.filter-test.js index 8f15da162f..2f4db9df83 100644 --- a/awx/ui/test/spec/shared/filters/xss-sanitizer.filter-test.js +++ b/awx/ui/test/spec/shared/filters/xss-sanitizer.filter-test.js @@ -12,6 +12,6 @@ describe('Filter: sanitize', () => { }); it('should sanitize xss-vulnerable strings', function(){ - expect(filter("
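Review bot: The restored `.innerHTML` read in the sanitize filter escapes only what a text node serializes as entities (`&`, `<`, `>`), so quote characters pass through unchanged and the result is safe in element content but not inside an attribute value. That limit is undocumented, and the filter's name suggests a general-purpose sanitizer; a comment above the return would help, e.g. `// HTML-escapes &, < and > for element content only; quotes are NOT escaped, do not use in attribute values`. The spec updated in PATCH 2/2 asserts only on angle brackets, so a second expectation such as `expect(filter('a & "b"')).toBe('a &amp; "b"');` would pin both the ampersand handling and the quote pass-through. The selector passed to `$()` appears to have been stripped from this page, so this reading rests on the `.text(input)[0].innerHTML` chain alone.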
foobar
")).toBe("
foobar
"); + expect(filter("
foobar
")).toBe("<div>foobar</div>"); }); });