From b127e7f2765c6173c5cf27d34491e7ca0a4ac101 Mon Sep 17 00:00:00 2001
From: John Mitchell
Date: Wed, 29 Apr 2015 16:08:32 -0400
Subject: [PATCH] fixing xss bugs
---
 awx/ui/static/js/shared/Utilities.js | 5 +++--
 awx/ui/static/js/shared/prompt-dialog.js | 10 +++++-----
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/awx/ui/static/js/shared/Utilities.js b/awx/ui/static/js/shared/Utilities.js
index 496453faad..a09f730feb 100644
--- a/awx/ui/static/js/shared/Utilities.js
+++ b/awx/ui/static/js/shared/Utilities.js
@@ -15,7 +15,7 @@
 export default
-angular.module('Utilities', ['RestServices', 'Utilities'])
+angular.module('Utilities', ['RestServices', 'Utilities', 'sanitizeFilter'])
 /**
 * @ngdoc method
@@ -99,9 +99,10 @@ angular.module('Utilities', ['RestServices', 'Utilities'])
 * alert-info...). Pass an optional function(){}, if you want a specific action to occur when user
 * clicks 'OK' button. Set secondAlert to true, when a second dialog is needed.
 */
-.factory('Alert', ['$rootScope', function ($rootScope) {
+.factory('Alert', ['$rootScope', '$filter', function ($rootScope, $filter) {
 return function (hdr, msg, cls, action, secondAlert, disableButtons, backdrop) {
 var scope = $rootScope.$new(), alertClass, local_backdrop;
+ msg = $filter('sanitize')(msg);
 if (secondAlert) {
 $('#alertHeader2').html(hdr);
diff --git a/awx/ui/static/js/shared/prompt-dialog.js b/awx/ui/static/js/shared/prompt-dialog.js
index 2e49fa4545..b3637961bd 100644
--- a/awx/ui/static/js/shared/prompt-dialog.js
+++ b/awx/ui/static/js/shared/prompt-dialog.js
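Review bot: 'sanitizeFilter' is not a module shipped by angular-sanitize (that library registers 'ngSanitize', which provides the $sanitize service and the linky filter but no filter named 'sanitize'), so the dependency added on the `+angular.module('Utilities', ...)` line presumably points at a project module that registers a 'sanitize' filter; that module is not part of this patch, and if it is not loaded the `$filter('sanitize')` call in the Alert factory fails with an unknown-provider error the first time an alert is raised. It would help to record where the filter lives, either in the commit message or as a short comment on the dependency line, e.g. `// 'sanitizeFilter' registers the 'sanitize' filter used by Alert`. The same dependency is added in the prompt-dialog.js hunk. The module listing itself ('Utilities') in its own dependency array predates this change but now sits on the touched line and could be dropped while it is being edited.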
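Review bot: `hdr` is still inserted as raw HTML on `$('#alertHeader2').html(hdr);` while only `msg` is passed through the filter on the added `msg = $filter('sanitize')(msg);` line, so an alert whose header carries caller-supplied text is not covered by this fix; sanitizing both, `hdr = $filter('sanitize')(hdr);` next to the msg line, would close that gap. The prompt-dialog.js hunk has the same asymmetry: `scope.promptHeader = params.hdr;` is left untouched while promptBody is now sanitized (whether that header is bound with ng-bind-html in the modal template is not visible here). The Alert function body continues outside the hunk, so how the sanitized `msg` is rendered afterwards cannot be checked from this diff; if it also goes through jQuery `.html()`, the protection rests entirely on the filter's allow-list, which is worth stating in the factory's doc comment.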
@@ -27,16 +27,16 @@
 */
 export default
-angular.module('PromptDialog', ['Utilities'])
- .factory('Prompt', ['$sce',
- function ($sce) {
+angular.module('PromptDialog', ['Utilities', 'sanitizeFilter'])
+ .factory('Prompt', ['$sce', '$filter',
+ function ($sce, $filter) {
 return function (params) {
 var dialog = angular.element(document.getElementById('prompt-modal')), scope = dialog.scope(), cls, local_backdrop;
-
+
 scope.promptHeader = params.hdr;
-scope.promptBody = $sce.trustAsHtml(params.body);
+scope.promptBody = $filter('sanitize')(params.body);
 scope.promptAction = params.action;
 local_backdrop = (params.backdrop === undefined) ? "static" : params.backdrop;