commit 239f09e2f920a3ab0f15a90e88fdc6c3701f2403
author Simon Hunt <simon@onlab.us> Thu May 18 13:10:09 2017 -0700
committer Simon Hunt <simon@onlab.us> Fri May 19 14:48:42 2017 +0000
tree 9d082bd5f20b86d74d8e8aac1c0d27755a27d582
parent 3568df76f9ffe4f84841c20eb5865b8c2577f8d2

Replace usage of .html(...) with .text(...) where possible;
Wrap input with fs.sanitize(...) where .html() must be used.

Change-Id: I39e20b6fb561b3a1801579ca6a86a5f94483e4a9

apps/mappingmanagement/web/src/main/resources/app/view/mapping/mapping.js

diff --git a/apps/mappingmanagement/web/src/main/resources/app/view/mapping/mapping.js b/apps/mappingmanagement/web/src/main/resources/app/view/mapping/mapping.js
index c3892d4..c2462b2 100644
--- a/apps/mappingmanagement/web/src/main/resources/app/view/mapping/mapping.js
+++ b/apps/mappingmanagement/web/src/main/resources/app/view/mapping/mapping.js
@@ -97,11 +97,11 @@
         topTable = top.append('div').classed('top-content', true)
             .append('table');
         top.append('hr');
-        keyDiv.append('h2').html('Mapping Key');
+        keyDiv.append('h2').text('Mapping Key');
         topKeyTable = keyDiv.append('div').classed('top-content', true)
                             .append('table');
         keyDiv.append('hr');
-        valueDiv.append('h2').html('Mapping Value');
+        valueDiv.append('h2').text('Mapping Value');
         bottomValueTable = valueDiv.append('table');
 
         // TODO: add more details later
@@ -111,7 +111,7 @@
         var tr = tbody.append('tr');
 
         function addCell(cls, txt) {
-            tr.append('td').attr('class', cls).html(txt);
+            tr.append('td').attr('class', cls).text(txt);
         }
         addCell('label', friendlyProps[index] + ' :');
         addCell('value', value);
@@ -121,7 +121,7 @@
         var tr = tbody.append('tr');
 
         function addCell(cls, txt) {
-            tr.append('td').attr('class', cls).html(txt);
+            tr.append('td').attr('class', cls).text(txt);
         }
         addCell('label', label + ' :');
         addCell('value', value);
@@ -129,7 +129,7 @@
 
     function populateTop(details) {
         is.loadEmbeddedIcon(iconDiv, 'mappingTable', 40);
-        top.select('h2').html(details.mappingId);
+        top.select('h2').text(details.mappingId);
 
         var tbody = topTable.append('tbody');
 
@@ -146,10 +146,10 @@
             addProp(tbody, i, details[prop]);
         });
 
-        topKeyTablebody.append('tr').append('td').attr('class', 'value').html(address);
+        topKeyTablebody.append('tr').append('td').attr('class', 'value').text(address);
 
         treatmentFriendlyProps.forEach(function (col) {
-            bottomValueTableheader.append('th').html(col);
+            bottomValueTableheader.append('th').text(col);
         });
         treatments.forEach(function (sel) {
             populateTreatmentTable(bottomValueTablebody, sel);
@@ -165,7 +165,7 @@
 
     function addTreatmentProp(tr, value) {
         function addCell(cls, txt) {
-            tr.append('td').attr('class', cls).html(txt);
+            tr.append('td').attr('class', cls).text(txt);
         }
         addCell('value', value);
     }