diff --git a/awx/ui/static/js/helpers/EventViewer.js b/awx/ui/static/js/helpers/EventViewer.js index 6e8c13802a..ff76bffc3d 100644 --- a/awx/ui/static/js/helpers/EventViewer.js +++ b/awx/ui/static/js/helpers/EventViewer.js @@ -437,8 +437,7 @@ export default else { if( typeof itm === "string"){ if(itm.indexOf('<') > -1 || itm.indexOf('>') > -1){ - itm = itm.replace(//g, ">"); + itm = $filter('sanitize')(itm); } } html += "" + itm + ""; @@ -547,15 +546,14 @@ export default }; }]) - .factory('EventAddPreFormattedText', [function() { + .factory('EventAddPreFormattedText', ['$filter', function($filter) { return function(params) { var id = params.id, val = params.val, html; if( typeof val === "string"){ if(val.indexOf('<') > -1 || val.indexOf('>') > -1){ - val = val.replace(//g, ">"); + val = $filter('sanitize')(val); } } html = "
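Review bot: The new `$filter('sanitize')` call is still gated on the string containing `<` or `>`, a gate that only made sense for the removed `<`/`>` replaces; a value holding `&` or `"` but no angle bracket is concatenated into `html` untouched, so the gate should go: `if (typeof itm === "string") { itm = $filter('sanitize')(itm); }`. The `sanitize` filter's definition is not part of this diff; if it entity-escapes text this is a strict improvement, but if it is backed by ngSanitize's `$sanitize` it lets allow-listed markup through instead of displaying it literally, which would be a behaviour change from the removed code and is worth confirming against the filter's source. The enclosing function begins outside the hunk, so it is not visible here whether `$filter` is injected into it (the sibling hunk at line 547 adds it for `EventAddPreFormattedText` only).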
" + val + "
\n"; diff --git a/awx/ui/static/js/helpers/JobSubmission.js b/awx/ui/static/js/helpers/JobSubmission.js index f0d9f4bc83..3ec4b2f8ef 100644 --- a/awx/ui/static/js/helpers/JobSubmission.js +++ b/awx/ui/static/js/helpers/JobSubmission.js @@ -497,9 +497,9 @@ function($compile, Rest, GetBasePath, TextareaResize,CreateDialog, GenerateForm, }; }]) - .factory('PromptForSurvey', ['$compile', 'Wait', 'Alert', 'CredentialForm', 'CreateLaunchDialog', 'SurveyControllerInit' , 'GetBasePath', 'Rest' , 'Empty', + .factory('PromptForSurvey', ['$filter', '$compile', 'Wait', 'Alert', 'CredentialForm', 'CreateLaunchDialog', 'SurveyControllerInit' , 'GetBasePath', 'Rest' , 'Empty', 'GenerateForm', 'ShowSurveyModal', 'ProcessErrors', '$routeParams' , - function($compile, Wait, Alert, CredentialForm, CreateLaunchDialog, SurveyControllerInit, GetBasePath, Rest, Empty, + function($filter, $compile, Wait, Alert, CredentialForm, CreateLaunchDialog, SurveyControllerInit, GetBasePath, Rest, Empty, GenerateForm, ShowSurveyModal, ProcessErrors, $routeParams) { return function(params) { var html = params.html || "", @@ -519,10 +519,8 @@ function($compile, Rest, GetBasePath, TextareaResize,CreateDialog, GenerateForm, function buildHtml(question, index){ question.index = index; - question.question_name = question.question_name.replace(//g, ">"); - question.question_description = (question.question_description) ? question.question_description.replace(//g, ">") : undefined; + question.question_name = $filter('sanitize')(question.question_name); + question.question_description = (question.question_description) ? $filter('sanitize')(question.question_description) : undefined; requiredAsterisk = (question.required===true) ? "prepend-asterisk" : ""; @@ -603,8 +601,7 @@ function($compile, Rest, GetBasePath, TextareaResize,CreateDialog, GenerateForm, html+='
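Review bot: Only string values are sanitized, and the `if(val.indexOf('<') > -1 || ...)` gate narrows that further to strings with angle brackets, so a `val` containing `&` or quotes, or a non-string such as an array whose elements are joined by the `+` concatenation, reaches `html` unescaped. Coerce first and drop the gate: `val = $filter('sanitize')(String(val));` (use `val == null ? "" : String(val)` if null/undefined should render as empty rather than as the literal word). Whether `params.val` can arrive as an array is not visible from this hunk.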
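Review bot: `buildHtml` writes the filter output back into `question.question_name` and `question.question_description`, so the survey question object itself now carries entity-encoded text; if that object is reused after rendering (re-rendered, or posted back with the answers), the encoded text is what gets reused, and a second pass through the filter would double-encode `&lt;` into `&amp;lt;`. Keeping the escaped copies in locals avoids that: `var questionName = $filter('sanitize')(question.question_name);` and the same for the description, with the locals used in the markup that follows. `buildHtml` continues past the end of the hunk, so whether `question` is reused afterwards is not visible here.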
'; for( j = 0; j/g, ">"); + choices[j] = $filter('sanitize')(choices[j]); html+= '' + ''+choices[j] +'
' ; } diff --git a/awx/ui/static/js/helpers/Survey.js b/awx/ui/static/js/helpers/Survey.js index 77632bae06..0f1f494ed6 100644 --- a/awx/ui/static/js/helpers/Survey.js +++ b/awx/ui/static/js/helpers/Survey.js @@ -253,8 +253,8 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper', * }) * */ - .factory('FinalizeQuestion', ['GetBasePath','Rest', 'Wait', 'ProcessErrors', '$compile', 'Empty', '$filter', 'sanitizeFilter', - function(GetBasePath, Rest, Wait, ProcessErrors, $compile, Empty, $filter, sanitizeFilter) { + .factory('FinalizeQuestion', ['GetBasePath','Rest', 'Wait', 'ProcessErrors', '$compile', 'Empty', '$filter', + function(GetBasePath, Rest, Wait, ProcessErrors, $compile, Empty, $filter) { return function(params) { var scope = params.scope, @@ -272,10 +272,8 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper', html = ""; question.index = index; - question.question_name = question.question_name.replace(//g, ">"); - question.question_description = (question.question_description) ? question.question_description.replace(//g, ">") : undefined; + question.question_name = $filter('sanitize')(question.question_name); + question.question_description = (question.question_description) ? $filter('sanitize')(question.question_description) : undefined; if(!$('#question_'+question.index+':eq(0)').is('div')){ @@ -291,8 +289,7 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper', if(question.type === 'text' ){ defaultValue = (question.default) ? question.default : ""; - defaultValue = defaultValue.replace(//g, ">"); + defaultValue = $filter('sanitize')(defaultValue); defaultValue = scope.serialize(defaultValue); html+='
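Review bot: `choices[j]` is rewritten in place and then concatenated into markup whose tags are not visible in this rendering; the `sanitize` filter's treatment of `"` and `'` is not shown either, and an escaper based on text-node serialization encodes only `&`, `<` and `>`, so if the choice also lands in a `value="…"` attribute a double quote in the choice text can still terminate the attribute. If the choice is used in an attribute, escape quotes explicitly for that position, e.g. `choices[j].replace(/"/g, '&quot;')` on the attribute copy, or build the input with DOM APIs/`$compile` instead of string concatenation. The loop header is garbled in this rendering, so the bound cannot be checked here.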
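Review bot: As in the launch-prompt code, the filter output is stored back onto `question.question_name`/`question.question_description`, so the object is mutated into its HTML-encoded form; if `FinalizeQuestion` is handed the scope's question model (the name suggests it runs when a question is saved, but that is not visible here), the encoded name is what would be persisted, or re-encoded on the next render. Prefer locals, `var name = $filter('sanitize')(question.question_name);`, and leave the model untouched. The function body continues past the hunk.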
'+ '
'+ @@ -301,8 +298,7 @@ angular.module('SurveyHelper', [ 'Utilities', 'RestServices', 'SchedulesHelper', } if(question.type === "textarea"){ defaultValue = (question.default) ? question.default : (question.default_textarea) ? question.default_textarea: "" ; - defaultValue = defaultValue.replace(//g, ">"); + defaultValue = $filter('sanitize')(defaultValue); defaultValue = scope.serialize(defaultValue); html+='
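Review bot: `defaultValue` is passed through `$filter('sanitize')` and then `scope.serialize` before being interpolated, with no comment on which context each step covers; `scope.serialize` is not visible here, so if it already escapes for HTML or attribute use the `&amp;` produced by the first step becomes `&amp;amp;` and the default displays mangled, and if neither step escapes quotes a `"` in the default can still terminate a `value` attribute. Document the contract on the line once confirmed, e.g. `// sanitize: HTML-escape; serialize: <what it does> — together the result must be attribute-safe`, or collapse the two into one helper that escapes for the exact position the value is placed in. The branch is only guarded on `question.default` being truthy, so a non-string default would reach the filter unconverted; whether that can happen for `type === 'text'` is not visible here.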
'+ '
'+ diff --git a/awx/ui/static/js/widgets/Stream.js b/awx/ui/static/js/widgets/Stream.js index afa564c2cd..3000100012 100644 --- a/awx/ui/static/js/widgets/Stream.js +++ b/awx/ui/static/js/widgets/Stream.js @@ -176,8 +176,8 @@ angular.module('StreamWidget', ['RestServices', 'Utilities', 'StreamListDefiniti } ]) -.factory('BuildDescription', ['FixUrl', 'BuildUrl','$sce', - function (FixUrl, BuildUrl, $sce) { +.factory('BuildDescription', ['$filter', 'FixUrl', 'BuildUrl','$sce', + function ($filter, FixUrl, BuildUrl, $sce) { return function (activity) { function stripDeleted(s) { @@ -210,9 +210,7 @@ angular.module('StreamWidget', ['RestServices', 'Utilities', 'StreamListDefiniti // The block until line 221 is for associative/disassociative operations, such as adding/removing a user to a team or vise versa if (obj2_obj && obj2_obj.name && !/^_delete/.test(obj2_obj.name)) { obj2_obj.base = obj2; - obj2_obj.name = obj2_obj.name.replace(//g, ">"); - obj2_obj.name = $sce.getTrustedHtml(obj2_obj.name); + obj2_obj.name = $filter('sanitize')(obj2_obj.name); descr += obj2 + " " + obj2_obj.name + '' + ((activity.operation === 'disassociate') ? ' from ' : ' to '); descr_nolink += obj2 + ' ' + obj2_obj.name + ((activity.operation === 'disassociate') ? ' from ' : ' to '); } else if (obj2) { @@ -227,8 +225,7 @@ angular.module('StreamWidget', ['RestServices', 'Utilities', 'StreamListDefiniti obj1_obj.base = obj1; // Need to character escape the link names, as a malicious url or piece of html could be inserted here that could take the // user to a unknown location. - obj1_obj.name = obj1_obj.name.replace(//g, ">"); + obj1_obj.name = $filter('sanitize')(obj1_obj.name); obj1_obj.name = $sce.getTrustedHtml(obj1_obj.name); descr += obj1 + " " + obj1_obj.name + ''; descr_nolink += obj1 + ' ' + obj1_obj.name;
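Review bot: The nested ternary `defaultValue = (question.default) ? question.default : (question.default_textarea) ? question.default_textarea : "";` reads as a fallback chain but is easy to misparse; `defaultValue = question.default || question.default_textarea || "";` is the same test written plainly, since both branches already check truthiness. The same sanitize-then-serialize stacking as the text branch applies here, and textarea defaults are the likelier place for `&` and quotes to appear, so confirming the two steps do not double-encode matters more on this branch.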
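Review bot: The obj2 branch drops the `$sce.getTrustedHtml` call that the obj1 branch in the next hunk keeps after its own sanitize call, so the two names are now processed differently for no stated reason; pick one treatment for both. `obj2_obj.name` is also appended to `descr_nolink`, so if that string is shown anywhere as plain text (a title or tooltip rather than HTML), the entity-encoded name will display as `&lt;…&gt;` literally; how `descr_nolink` is consumed is not visible here. `BuildDescription` starts and ends outside the hunk.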
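Review bot: `obj1_obj.name = $sce.getTrustedHtml(obj1_obj.name);` survives after the new sanitize call, yet on a plain string `$sce.getTrustedHtml` does not mark anything trusted: as far as I know of Angular 1.x it either throws `$sce:unsafe` or, when ngSanitize is loaded, runs `$sanitize` over the already-escaped text, so it adds nothing to what the filter did and diverges from the obj2 branch above, which removed it. Drop the line; if the intent was a trusted value for an `ng-bind-html` consumer that would be `$sce.trustAsHtml(...)`, but with the name already escaped, trusting it only moves the concatenated `descr` further from Angular's contextual escaping, so the plain escaped string is the safer choice. The comment above the changed line still says "character escape", which matches the filter only if it is an escaper; the function continues outside the hunk.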