adding sanitizer filter for app

I'm adding a sanitize filter to be used whenever we want to escape tags that are generated from user input. In addition, I created a filters folder and a filter file that imports filters into the app
2026-01-11 18:09:57 -03:30 · 2015-04-02 13:32:21 -04:00 · 2015-04-02 13:32:21 -04:00 · fa27d7de93
commit fa27d7de93
parent 0ea69b1312
8 changed files with 27 additions and 12 deletions
--- a/awx/ui/static/js/app.js
+++ b/awx/ui/static/js/app.js
@ -22,6 +22,7 @@ import 'tower/forms';
 import 'tower/lists';
 import 'tower/widgets';
 import 'tower/help';
+import 'tower/filters'; 
 import {Home, HomeGroups, HomeHosts} from 'tower/controllers/Home';
 import {SocketsController} from 'tower/controllers/Sockets';
 import {Authenticate} from 'tower/controllers/Authentication';
--- a/awx/ui/static/js/filters.js
+++ b/awx/ui/static/js/filters.js
@ -0,0 +1,5 @@
+import sanitizeFilters from 'tower/filters/sanitize/xss-sanitizer.filter';
+
+export {
+  sanitizeFilters
+};
--- a/awx/ui/static/js/filters/sanitize/xss-sanitizer.filter.js
+++ b/awx/ui/static/js/filters/sanitize/xss-sanitizer.filter.js
@ -0,0 +1,6 @@
+angular.module('sanitizeFilter', []).filter('sanitize', function() {
+  return function(input) {
+    input = input.replace(/</g, "&lt;").replace(/>/g, "&gt;");
+    return input;
+  };
+});
--- a/awx/ui/static/js/lists/CompletedJobs.js
+++ b/awx/ui/static/js/lists/CompletedJobs.js
@ -9,7 +9,7 @@


 export default
-    angular.module('CompletedJobsDefinition', [])
+    angular.module('CompletedJobsDefinition', ['sanitizeFilter'])
    .value( 'CompletedJobsList', {

        name: 'completed_jobs',
@ -70,7 +70,9 @@ export default
                label: 'Name',
                columnClass: 'col-md-3 col-sm-4 col-xs-4',
                ngClick: "viewJobLog(completed_job.id, completed_job.nameHref)",
-                defaultSearchField: true
+                defaultSearchField: true,
+                awToolTip: "{{ completed_job.name | sanitize }}",
+                dataPlacement: 'top'
            },
            failed: {
                label: 'Job failed?',
--- a/awx/ui/static/js/lists/QueuedJobs.js
+++ b/awx/ui/static/js/lists/QueuedJobs.js
@ -9,7 +9,7 @@


 export default
-    angular.module('QueuedJobsDefinition', [])
+    angular.module('QueuedJobsDefinition', ['sanitizeFilter'])
    .value( 'QueuedJobsList', {

        name: 'queued_jobs',
@ -62,7 +62,9 @@ export default
                label: 'Name',
                columnClass: 'col-md-3 col-sm-4 col-xs-4',
                ngClick: "viewJobLog(queued_job.id, queued_job.nameHref)",
-                defaultSearchField: true
+                defaultSearchField: true,
+                awToolTip: "{{ queued_job.name | sanitize }}",
+                awTipPlacement: "top"
            }
        },

--- a/awx/ui/static/js/lists/RunningJobs.js
+++ b/awx/ui/static/js/lists/RunningJobs.js
@ -9,7 +9,7 @@


 export default
-    angular.module('RunningJobsDefinition', [])
+    angular.module('RunningJobsDefinition', ['sanitizeFilter'])
    .value( 'RunningJobsList', {

        name: 'running_jobs',
@ -63,7 +63,9 @@ export default
                label: 'Name',
                columnClass: 'col-md-3 col-sm-4 col-xs-4',
                ngClick: "viewJobLog(running_job.id, running_job.nameHref)",
-                defaultSearchField: true
+                defaultSearchField: true,
+                awToolTip: "{{ running_job.name | sanitize }}",
+                awTipPlacement: "top"
            }
        },

--- a/awx/ui/static/js/lists/ScheduledJobs.js
+++ b/awx/ui/static/js/lists/ScheduledJobs.js
@ -9,7 +9,7 @@


 export default
-    angular.module('ScheduledJobsDefinition', [])
+    angular.module('ScheduledJobsDefinition', ['sanitizeFilter'])
    .value( 'ScheduledJobsList', {

        name: 'schedules',
@ -62,7 +62,7 @@ export default
                sourceModel: 'unified_job_template',
                sourceField: 'name',
                ngClick: "editSchedule(schedule.id)",
-                awToolTip: "{{ schedule.nameTip }}",
+                awToolTip: "{{ schedule.nameTip | sanitize}}",
                dataPlacement: "top",
                defaultSearchField: true
            }
--- a/awx/ui/static/js/shared/directives.js
+++ b/awx/ui/static/js/shared/directives.js
@ -402,7 +402,7 @@ angular.module('AWDirectives', ['RestServices', 'Utilities', 'AuthService', 'Job
     *  Include the standard TB data-XXX attributes to controll a tooltip's appearance.  We will
     *  default placement to the left and delay to the config setting.
     */
-    .directive('awToolTip', ['$sce', function($sce) {
+    .directive('awToolTip', [ function() {
        return {
            link: function(scope, element, attrs) {
                var delay = (attrs.delay !== undefined && attrs.delay !== null) ? attrs.delay : ($AnsibleConfig) ? $AnsibleConfig.tooltip_delay : {show: 500, hide: 100},
@ -423,9 +423,6 @@ angular.module('AWDirectives', ['RestServices', 'Utilities', 'AuthService', 'Job
                    });
                });

-                attrs.awToolTip = attrs.awToolTip.replace(/</g, "&lt;");
-                attrs.awToolTip = attrs.awToolTip.replace(/>/g, "&gt;");
-                attrs.awToolTip = $sce.getTrustedHtml(attrs.awToolTip);
                $(element).tooltip({
                    placement: placement,
                    delay: delay,