External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-15 10:10:01 -03:30
Code Issues Packages Projects Releases Wiki Activity

Prevent html injection in host events

Browse Source 
replaced '<' and '>' characters with their escape characters to prevent html from being rendered onto the view.
This commit is contained in:
Jared Tabor
2014-12-08 11:10:20 -05:00
parent e8a837ea11
commit fd86b940e2
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
awx/ui/static/js/helpers/EventViewer.js
View File

@@ -360,6 +360,8 @@ angular.module('EventViewerHelper', ['ModalDialog', 'Utilities', 'EventsViewerFo
event_data.id = event.id;
event_data.parent = event.parent;
event_data.event = (event.event_display) ? event.event_display : event.event;
event_data.msg = event_data.msg.replace(/</g, "&lt;");
event_data.msg = event_data.msg.replace(/>/g, "&gt;");
results.push(event_data);
});
if (show_event) {