External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-23 05:55:59 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #149 from mabashian/7283-xss-schedules

Browse Source 
Sanitize schedule titles
This commit is contained in:
Michael Abashian
2017-08-03 09:36:13 -04:00
committed by GitHub
parent 270217a612 073af62cf9
commit 77f4e21e19
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
awx/ui/client/src/scheduler/main.js
View File

@@ -85,9 +85,9 @@ export default
},
views: {
'@': {
templateProvider: function(ScheduleList, generateList, ParentObject){
templateProvider: function(ScheduleList, generateList, ParentObject, $filter){
// include name of parent resource in listTitle
ScheduleList.listTitle = `${ParentObject.name}<div class='List-titleLockup'></div>` + N_('SCHEDULES');
ScheduleList.listTitle = `${$filter('sanitize')(ParentObject.name)}<div class='List-titleLockup'></div>` + N_('SCHEDULES');
let html = generateList.build({
list: ScheduleList,
mode: 'edit'
@@ -178,9 +178,9 @@ export default
},
views: {
'@': {
templateProvider: function(ScheduleList, generateList, ParentObject){
templateProvider: function(ScheduleList, generateList, ParentObject, $filter){
// include name of parent resource in listTitle
ScheduleList.listTitle = `${ParentObject.name}<div class='List-titleLockup'></div>` + N_('SCHEDULES');
ScheduleList.listTitle = `${$filter('sanitize')(ParentObject.name)}<div class='List-titleLockup'></div>` + N_('SCHEDULES');
let html = generateList.build({
list: ScheduleList,
mode: 'edit'
@@ -268,9 +268,9 @@ export default
},
views: {
'@': {
templateProvider: function(ScheduleList, generateList, ParentObject){
templateProvider: function(ScheduleList, generateList, ParentObject, $filter){
// include name of parent resource in listTitle
ScheduleList.listTitle = `${ParentObject.name}<div class='List-titleLockup'></div>` + N_('SCHEDULES');
ScheduleList.listTitle = `${$filter('sanitize')(ParentObject.name)}<div class='List-titleLockup'></div>` + N_('SCHEDULES');
let html = generateList.build({
list: ScheduleList,
mode: 'edit'