XSS character escaping for activity stream

The activity stream widget needed XSS character escaping.
Jared Tabor 2015-01-29 15:21:24 -05:00
parent ea0b39859b
commit 71eaa5aa2a


@ -14,7 +14,7 @@
'use strict';
angular.module('StreamWidget', ['RestServices', 'Utilities', 'StreamListDefinition', 'SearchHelper', 'PaginationHelpers',
'RefreshHelper', 'ListGenerator', 'StreamWidget', 'AuthService'
'RefreshHelper', 'ListGenerator', 'StreamWidget', 'AuthService',
])
.factory('setStreamHeight', [
@ -175,8 +175,8 @@ angular.module('StreamWidget', ['RestServices', 'Utilities', 'StreamListDefiniti
}
])
.factory('BuildDescription', ['FixUrl', 'BuildUrl',
function (FixUrl, BuildUrl) {
.factory('BuildDescription', ['FixUrl', 'BuildUrl','$sce',
function (FixUrl, BuildUrl, $sce) {
return function (activity) {
function stripDeleted(s) {
@ -264,7 +264,9 @@ angular.module('StreamWidget', ['RestServices', 'Utilities', 'StreamListDefiniti
descr += obj1 + name;
descr_nolink += obj1 + name_nolink;
}
activity.description = descr;
descr = descr.replace(/</g, "&lt;");
descr = descr.replace(/>/g, "&gt;");
activity.description = $sce.getTrustedHtml(descr);
activity.description_nolink = descr_nolink;
};
}
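Review bot: In the last hunk the two `replace` calls run on the fully assembled `descr`, after `name` has already been concatenated into it, and they cover only `<` and `>`, so `&` and quote characters pass through. If `descr` carries anchor markup (the separate `descr_nolink` suggests it does), that markup is escaped too and would render as literal text. Escaping the user-controlled parts (`name`, `name_nolink`) before they are joined, with a helper that also handles `&`, `"` and `'`, would keep the markup intact and close the remaining characters. `activity.description_nolink` is still assigned unescaped on the next line, so any template that binds it as HTML keeps the original exposure. `$sce.getTrustedHtml(descr)` on a plain string relies on ngSanitize being loaded and throws otherwise, which deserves a comment such as `// requires ngSanitize: sanitizes descr, does not mark it trusted`; the enclosing function starts outside the hunk.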