Replace usage of .html(...) with .text(...) where possible;
Wrap input with fs.sanitize(...) where .html() must be used.
Change-Id: I39e20b6fb561b3a1801579ca6a86a5f94483e4a9
diff --git a/apps/yang-gui/src/main/resources/app/view/yangModel/yangModel.js b/apps/yang-gui/src/main/resources/app/view/yangModel/yangModel.js
index 3be7e0c..6dfb890 100644
--- a/apps/yang-gui/src/main/resources/app/view/yangModel/yangModel.js
+++ b/apps/yang-gui/src/main/resources/app/view/yangModel/yangModel.js
@@ -88,7 +88,7 @@
top.append('hr');
bottom = container.append('div').classed('bottom', true);
- bottom.append('h2').html('YANG Source');
+ bottom.append('h2').text('YANG Source');
srcFrame = bottom.append('div').classed('src-frame', true);
srcDiv = srcFrame.append('div').classed('module-source', true);
@@ -98,12 +98,12 @@
function populateTop(details) {
is.loadEmbeddedIcon(iconDiv, 'nav_yang', 40);
top.select('h2')
- .html('Module ' + details.id + ' (' + details.revision + ')');
+ .text('Module ' + details.id + ' (' + details.revision + ')');
}
function populateBottom(source) {
var src = srcDiv.select('pre');
- src.html(source.join('\n'));
+ src.text(source.join('\n'));
}
function closePanel() {
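Review bot: populateTop and populateBottom now rely on `.text()` to keep `details.id`, `details.revision` and the YANG source lines from being parsed as markup, but nothing in the code records that. A later edit that wants formatting in the header or the source pane could switch back to `.html()` without noticing the risk. I would add a short comment above each call, for example `// .text(), not .html(): values come from the loaded model (presumably server-supplied) and must never be parsed as HTML`. Separately, `source.join('\n')` throws if `source` is not an array. Whether that can happen depends on the caller of populateBottom, which is outside this hunk, so confirm it or guard with `src.text((source || []).join('\n'));`.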