adding sanitizer filter for app

I'm adding a sanitize filter to be used whenever we want to escape tags that are generated from user input. In addition, I created a filters folder and a filter file that imports filters into the app

awx/ui/static/js/app.js

@@ -22,6 +22,7 @@ import 'tower/forms';
 import 'tower/lists';
 import 'tower/widgets';
 import 'tower/help';
+import 'tower/filters'; 
 import {Home, HomeGroups, HomeHosts} from 'tower/controllers/Home';
 import {SocketsController} from 'tower/controllers/Sockets';
 import {Authenticate} from 'tower/controllers/Authentication';

awx/ui/static/js/filters.js

@@ -0,0 +1,5 @@
+import sanitizeFilters from 'tower/filters/sanitize/xss-sanitizer.filter';
+
+export {
+  sanitizeFilters
+};

awx/ui/static/js/filters/sanitize/xss-sanitizer.filter.js

@@ -0,0 +1,6 @@
+angular.module('sanitizeFilter', []).filter('sanitize', function() {
+  return function(input) {
+    input = input.replace(/</g, "&lt;").replace(/>/g, "&gt;");
+    return input;
+  };
+});

awx/ui/static/js/lists/CompletedJobs.js

@@ -9,7 +9,7 @@
 
 
 export default
-    angular.module('CompletedJobsDefinition', [])
+    angular.module('CompletedJobsDefinition', ['sanitizeFilter'])
     .value( 'CompletedJobsList', {
 
         name: 'completed_jobs',
@@ -70,7 +70,9 @@ export default
                 label: 'Name',
                 columnClass: 'col-md-3 col-sm-4 col-xs-4',
                 ngClick: "viewJobLog(completed_job.id, completed_job.nameHref)",
-                defaultSearchField: true
+                defaultSearchField: true,
+                awToolTip: "{{ completed_job.name | sanitize }}",
+                dataPlacement: 'top'
             },
             failed: {
                 label: 'Job failed?',

awx/ui/static/js/lists/QueuedJobs.js

@@ -9,7 +9,7 @@
 
 
 export default
-    angular.module('QueuedJobsDefinition', [])
+    angular.module('QueuedJobsDefinition', ['sanitizeFilter'])
     .value( 'QueuedJobsList', {
 
         name: 'queued_jobs',
@@ -62,7 +62,9 @@ export default
                 label: 'Name',
                 columnClass: 'col-md-3 col-sm-4 col-xs-4',
                 ngClick: "viewJobLog(queued_job.id, queued_job.nameHref)",
-                defaultSearchField: true
+                defaultSearchField: true,
+                awToolTip: "{{ queued_job.name | sanitize }}",
+                awTipPlacement: "top"
             }
         },
 

awx/ui/static/js/lists/RunningJobs.js

@@ -9,7 +9,7 @@
 
 
 export default
-    angular.module('RunningJobsDefinition', [])
+    angular.module('RunningJobsDefinition', ['sanitizeFilter'])
     .value( 'RunningJobsList', {
 
         name: 'running_jobs',
@@ -63,7 +63,9 @@ export default
                 label: 'Name',
                 columnClass: 'col-md-3 col-sm-4 col-xs-4',
                 ngClick: "viewJobLog(running_job.id, running_job.nameHref)",
-                defaultSearchField: true
+                defaultSearchField: true,
+                awToolTip: "{{ running_job.name | sanitize }}",
+                awTipPlacement: "top"
             }
         },
 

awx/ui/static/js/lists/ScheduledJobs.js

@@ -9,7 +9,7 @@
 
 
 export default
-    angular.module('ScheduledJobsDefinition', [])
+    angular.module('ScheduledJobsDefinition', ['sanitizeFilter'])
     .value( 'ScheduledJobsList', {
 
         name: 'schedules',
@@ -62,7 +62,7 @@ export default
                 sourceModel: 'unified_job_template',
                 sourceField: 'name',
                 ngClick: "editSchedule(schedule.id)",
-                awToolTip: "{{ schedule.nameTip }}",
+                awToolTip: "{{ schedule.nameTip | sanitize}}",
                 dataPlacement: "top",
                 defaultSearchField: true
             }

awx/ui/static/js/shared/directives.js

@@ -402,7 +402,7 @@ angular.module('AWDirectives', ['RestServices', 'Utilities', 'AuthService', 'Job
      *  Include the standard TB data-XXX attributes to controll a tooltip's appearance.  We will
      *  default placement to the left and delay to the config setting.
      */
-    .directive('awToolTip', ['$sce', function($sce) {
+    .directive('awToolTip', [ function() {
         return {
             link: function(scope, element, attrs) {
                 var delay = (attrs.delay !== undefined && attrs.delay !== null) ? attrs.delay : ($AnsibleConfig) ? $AnsibleConfig.tooltip_delay : {show: 500, hide: 100},
@@ -423,9 +423,6 @@ angular.module('AWDirectives', ['RestServices', 'Utilities', 'AuthService', 'Job
                     });
                 });
 
-                attrs.awToolTip = attrs.awToolTip.replace(/</g, "&lt;");
-                attrs.awToolTip = attrs.awToolTip.replace(/>/g, "&gt;");
-                attrs.awToolTip = $sce.getTrustedHtml(attrs.awToolTip);
                 $(element).tooltip({
                     placement: placement,
                     delay: delay,