Replace usage of .html(...) with .text(...) where possible;
Wrap input with fs.sanitize(...) where .html() must be used.
Change-Id: I39e20b6fb561b3a1801579ca6a86a5f94483e4a9
diff --git a/apps/faultmanagement/fmgui/src/main/resources/app/view/alarmTable/alarmTable.js b/apps/faultmanagement/fmgui/src/main/resources/app/view/alarmTable/alarmTable.js
index a742dae..20f8b84 100644
--- a/apps/faultmanagement/fmgui/src/main/resources/app/view/alarmTable/alarmTable.js
+++ b/apps/faultmanagement/fmgui/src/main/resources/app/view/alarmTable/alarmTable.js
@@ -9,15 +9,22 @@
var detailsReq = 'alarmTableDetailsRequest',
detailsResp = 'alarmTableDetailsResponse',
pName = 'ov-alarm-table-item-details-panel',
- propOrder = ['id', 'alarmDeviceId', 'alarmDesc', 'alarmSource', 'alarmTimeRaised', 'alarmTimeUpdated', 'alarmTimeCleared', 'alarmSeverity'],
- friendlyProps = ['Alarm Id', 'Device Id', 'Description', 'Source', 'Time Raised', 'Time Updated', 'Time Cleared', 'Severity'];
+ propOrder = [
+ 'id', 'alarmDeviceId', 'alarmDesc', 'alarmSource',
+ 'alarmTimeRaised', 'alarmTimeUpdated', 'alarmTimeCleared',
+ 'alarmSeverity'
+ ],
+ friendlyProps = [
+ 'Alarm Id', 'Device Id', 'Description', 'Source',
+ 'Time Raised', 'Time Updated', 'Time Cleared', 'Severity'
+ ];
function addProp(tbody, index, value) {
var tr = tbody.append('tr');
function addCell(cls, txt) {
- tr.append('td').attr('class', cls).html(txt);
+ tr.append('td').attr('class', cls).text(txt);
}
addCell('label', friendlyProps[index] + ' :');
addCell('value', value);
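Review bot: The `addCell` helper in `addProp` now writes with `.text(txt)`, but nothing in the code records that this is a security constraint rather than a style choice, so a later change that wants formatted values can quietly switch it back to `.html()`. I would add a comment above the call, `// .text(), not .html(): alarm field values must never be parsed as markup`, and repeat it on the three identical closures in mapping.js (the hunks at -111, -121 and -165), or move the closure into one shared helper so there is a single sink to audit. Any alarm field that previously relied on embedded markup or HTML entities will now show them literally, which is worth confirming against real alarm data. `addProp` continues past the end of this hunk.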
diff --git a/apps/mappingmanagement/web/src/main/resources/app/view/mapping/mapping.js b/apps/mappingmanagement/web/src/main/resources/app/view/mapping/mapping.js
index c3892d4..c2462b2 100644
--- a/apps/mappingmanagement/web/src/main/resources/app/view/mapping/mapping.js
+++ b/apps/mappingmanagement/web/src/main/resources/app/view/mapping/mapping.js
@@ -97,11 +97,11 @@
topTable = top.append('div').classed('top-content', true)
.append('table');
top.append('hr');
- keyDiv.append('h2').html('Mapping Key');
+ keyDiv.append('h2').text('Mapping Key');
topKeyTable = keyDiv.append('div').classed('top-content', true)
.append('table');
keyDiv.append('hr');
- valueDiv.append('h2').html('Mapping Value');
+ valueDiv.append('h2').text('Mapping Value');
bottomValueTable = valueDiv.append('table');
// TODO: add more details later
@@ -111,7 +111,7 @@
var tr = tbody.append('tr');
function addCell(cls, txt) {
- tr.append('td').attr('class', cls).html(txt);
+ tr.append('td').attr('class', cls).text(txt);
}
addCell('label', friendlyProps[index] + ' :');
addCell('value', value);
@@ -121,7 +121,7 @@
var tr = tbody.append('tr');
function addCell(cls, txt) {
- tr.append('td').attr('class', cls).html(txt);
+ tr.append('td').attr('class', cls).text(txt);
}
addCell('label', label + ' :');
addCell('value', value);
@@ -129,7 +129,7 @@
function populateTop(details) {
is.loadEmbeddedIcon(iconDiv, 'mappingTable', 40);
- top.select('h2').html(details.mappingId);
+ top.select('h2').text(details.mappingId);
var tbody = topTable.append('tbody');
@@ -146,10 +146,10 @@
addProp(tbody, i, details[prop]);
});
- topKeyTablebody.append('tr').append('td').attr('class', 'value').html(address);
+ topKeyTablebody.append('tr').append('td').attr('class', 'value').text(address);
treatmentFriendlyProps.forEach(function (col) {
- bottomValueTableheader.append('th').html(col);
+ bottomValueTableheader.append('th').text(col);
});
treatments.forEach(function (sel) {
populateTreatmentTable(bottomValueTablebody, sel);
@@ -165,7 +165,7 @@
function addTreatmentProp(tr, value) {
function addCell(cls, txt) {
- tr.append('td').attr('class', cls).html(txt);
+ tr.append('td').attr('class', cls).text(txt);
}
addCell('value', value);
}
diff --git a/apps/yang-gui/src/main/resources/app/view/yangModel/yangModel.js b/apps/yang-gui/src/main/resources/app/view/yangModel/yangModel.js
index 3be7e0c..6dfb890 100644
--- a/apps/yang-gui/src/main/resources/app/view/yangModel/yangModel.js
+++ b/apps/yang-gui/src/main/resources/app/view/yangModel/yangModel.js
@@ -88,7 +88,7 @@
top.append('hr');
bottom = container.append('div').classed('bottom', true);
- bottom.append('h2').html('YANG Source');
+ bottom.append('h2').text('YANG Source');
srcFrame = bottom.append('div').classed('src-frame', true);
srcDiv = srcFrame.append('div').classed('module-source', true);
@@ -98,12 +98,12 @@
function populateTop(details) {
is.loadEmbeddedIcon(iconDiv, 'nav_yang', 40);
top.select('h2')
- .html('Module ' + details.id + ' (' + details.revision + ')');
+ .text('Module ' + details.id + ' (' + details.revision + ')');
}
function populateBottom(source) {
var src = srcDiv.select('pre');
- src.html(source.join('\n'));
+ src.text(source.join('\n'));
}
function closePanel() {
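Review bot: `populateBottom` calls `source.join('\n')` without checking that `source` is an array, so a details response that carries no source text would throw before anything is written to the `pre` element. The caller is outside this hunk, so this may already be guaranteed. If it is not, `src.text((source || []).join('\n'));` keeps the panel usable. In `populateTop`, `details.revision` is likewise concatenated unchecked and would render as the literal string `undefined` when the field is absent.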