From bc09e42fbeb6ac473bb0456404221010f803c1b4 Mon Sep 17 00:00:00 2001
From: Leigh Johnson <ljohnson@redhat.com>
Date: Fri, 1 Jul 2016 08:51:30 -0400
Subject: [PATCH] fix xss vulnerability in group count tooltip, resolves #2725

---
 awx/ui/client/src/lists/InventoryGroups.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/ui/client/src/lists/InventoryGroups.js b/awx/ui/client/src/lists/InventoryGroups.js
index 0b821462db..4628388e90 100644
--- a/awx/ui/client/src/lists/InventoryGroups.js
+++ b/awx/ui/client/src/lists/InventoryGroups.js
@@ -61,7 +61,7 @@ export default
                 type: 'badgeCount',
                 ngHide: 'group.total_groups == 0',
                 noLink: true,
-                awToolTip: "{{group.name}} contains {{group.total_groups}} {{group.total_groups === 1 ? 'child' : 'children'}}",
+                awToolTip: "{{group.name | sanitize}} contains {{group.total_groups}} {{group.total_groups === 1 ? 'child' : 'children'}}",
                 searchable: false,
             },
             source: {