mirror of
https://github.com/ansible/awx.git
synced 2026-05-08 01:47:35 -02:30
fix xss vulnerabilities
- on host recent jobs popover - on schedule name tooltip
This commit is contained in:
John Mitchell
@@ -60,7 +60,7 @@ export default
|
|||||||
|
|
||||||
html += "<td class=\"break\"><a href=\"#/jobs/" + job.id + "\" " +
|
html += "<td class=\"break\"><a href=\"#/jobs/" + job.id + "\" " +
|
||||||
"aw-tool-tip=\"" + job.status.charAt(0).toUpperCase() + job.status.slice(1) +
|
"aw-tool-tip=\"" + job.status.charAt(0).toUpperCase() + job.status.slice(1) +
|
||||||
". Click for details\" data-placement=\"top\">" + ellipsis(job.name) + "</a></td>\n";
|
". Click for details\" data-placement=\"top\">" + $filter('sanitize')(ellipsis(job.name)) + "</a></td>\n";
|
||||||
|
|
||||||
html += "</tr>\n";
|
html += "</tr>\n";
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -12,10 +12,10 @@
|
|||||||
|
|
||||||
|
|
||||||
export default [
|
export default [
|
||||||
'$scope', '$location', '$stateParams', 'ScheduleList', 'Rest',
|
'$filter', '$scope', '$location', '$stateParams', 'ScheduleList', 'Rest',
|
||||||
'rbacUiControlService',
|
'rbacUiControlService',
|
||||||
'ToggleSchedule', 'DeleteSchedule', '$q', '$state', 'Dataset', 'ParentObject', 'UnifiedJobsOptions',
|
'ToggleSchedule', 'DeleteSchedule', '$q', '$state', 'Dataset', 'ParentObject', 'UnifiedJobsOptions',
|
||||||
function($scope, $location, $stateParams,
|
function($filter, $scope, $location, $stateParams,
|
||||||
ScheduleList, Rest,
|
ScheduleList, Rest,
|
||||||
rbacUiControlService,
|
rbacUiControlService,
|
||||||
ToggleSchedule, DeleteSchedule,
|
ToggleSchedule, DeleteSchedule,
|
||||||
@@ -90,7 +90,7 @@ export default [
|
|||||||
schedule.status_tip = 'Schedule is stopped. Click to activate.';
|
schedule.status_tip = 'Schedule is stopped. Click to activate.';
|
||||||
}
|
}
|
||||||
|
|
||||||
schedule.nameTip = schedule.name;
|
schedule.nameTip = $filter('sanitize')(schedule.name);
|
||||||
// include the word schedule if the schedule name does not include the word schedule
|
// include the word schedule if the schedule name does not include the word schedule
|
||||||
if (schedule.name.indexOf("schedule") === -1 && schedule.name.indexOf("Schedule") === -1) {
|
if (schedule.name.indexOf("schedule") === -1 && schedule.name.indexOf("Schedule") === -1) {
|
||||||
schedule.nameTip += " schedule";
|
schedule.nameTip += " schedule";
|
||||||
@@ -99,7 +99,7 @@ export default [
|
|||||||
if (job.name.indexOf("job") === -1 && job.name.indexOf("Job") === -1) {
|
if (job.name.indexOf("job") === -1 && job.name.indexOf("Job") === -1) {
|
||||||
schedule.nameTip += "job ";
|
schedule.nameTip += "job ";
|
||||||
}
|
}
|
||||||
schedule.nameTip += job.name;
|
schedule.nameTip += $filter('sanitize')(job.name);
|
||||||
schedule.nameTip += ". Click to edit schedule.";
|
schedule.nameTip += ". Click to edit schedule.";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user