Replace usage of .html(...) with .text(...) where possible;
Wrap input with fs.sanitize(...) where .html() must be used.
Change-Id: I8e524e4c9c1fb2ddac5081bea3fb5af774c712f7
diff --git a/onos-byon-gui/src/main/resources/app/view/byonNetworks/byonNetworks.js b/onos-byon-gui/src/main/resources/app/view/byonNetworks/byonNetworks.js
index e38fd8c..14327c0 100644
--- a/onos-byon-gui/src/main/resources/app/view/byonNetworks/byonNetworks.js
+++ b/onos-byon-gui/src/main/resources/app/view/byonNetworks/byonNetworks.js
@@ -18,7 +18,7 @@
var tr = tbody.append('tr');
function addCell(cls, txt) {
- tr.append('td').attr('class', cls).html(txt);
+ tr.append('td').attr('class', cls).text(txt);
}
addCell('label', friendlyProps[index] + ' :');
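Review bot: addCell in this hunk carries no comment saying that its `txt` argument must stay on the text path, so a later edit could switch it back to `.html()` without noticing why it was changed. A one-line comment above the function would record the intent, for example `// txt may hold server-supplied values: render with .text(), never .html()`. The same applies to the identical addCell in uiRefTable.js further down. The function that owns `tr` starts outside this hunk, so the callers and the origin of the values passed in are not visible here.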
@@ -27,9 +27,9 @@
function addHost(tbody, host) {
var tr = tbody.append('tr');
- tr.append('td').html(host.mac)
- .append('td').html(host.ip)
- .append('td').html(host.loc);
+ tr.append('td').text(host.mac)
+ .append('td').text(host.ip)
+ .append('td').text(host.loc);
}
function populatePanel(panel) {
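Review bot: The chained calls in addHost still nest the cells instead of placing them side by side. Assuming `tr` is a d3 selection, each `.append('td')` returns the newly created cell, so the second and third `td` end up inside the previous one. Moving to `.text()` stops host.mac, host.ip and host.loc from being parsed as markup, but the row structure is left as it was. Appending every cell from the row fixes it: `tr.append('td').text(host.mac);`, `tr.append('td').text(host.ip);`, `tr.append('td').text(host.loc);`. populatePanel begins on the last line of the hunk and its body is outside it.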
@@ -91,7 +91,9 @@
$log.log('OvByonNetworksCtrl has been created');
}])
- .directive('ovByonNetworksDetailsPanel', ['PanelService', 'KeyService',
+ .directive('ovByonNetworksDetailsPanel',
+ ['PanelService', 'KeyService',
+
function (ps, ks) {
return {
restrict: 'E',
diff --git a/uiref/src/main/resources/app/view/uiRefTable/uiRefTable.js b/uiref/src/main/resources/app/view/uiRefTable/uiRefTable.js
index 03da382..04550db 100644
--- a/uiref/src/main/resources/app/view/uiRefTable/uiRefTable.js
+++ b/uiref/src/main/resources/app/view/uiRefTable/uiRefTable.js
@@ -18,7 +18,7 @@
var tr = tbody.append('tr');
function addCell(cls, txt) {
- tr.append('td').attr('class', cls).html(txt);
+ tr.append('td').attr('class', cls).text(txt);
}
addCell('label', friendlyProps[index] + ' :');
addCell('value', value);