Replace usage of .html(...) with .text(...) where possible;
Wrap input with fs.sanitize(...) where .html() must be used.
Change-Id: I39e20b6fb561b3a1801579ca6a86a5f94483e4a9
diff --git a/web/gui/src/main/webapp/app/view/flow/flow.js b/web/gui/src/main/webapp/app/view/flow/flow.js
index 1d2ceaa..a48c63e 100644
--- a/web/gui/src/main/webapp/app/view/flow/flow.js
+++ b/web/gui/src/main/webapp/app/view/flow/flow.js
@@ -94,11 +94,11 @@
topTable = top.append('div').classed('top-content', true)
.append('table');
top.append('hr');
- trmtDiv.append('h2').html('Treatment');
+ trmtDiv.append('h2').text('Treatment');
topTrmtTable = trmtDiv.append('div').classed('top-content', true)
.append('table');
trmtDiv.append('hr');
- selDiv.append('h2').html('Selector');
+ selDiv.append('h2').text('Selector');
topSelTable = selDiv.append('div').classed('top-content', true)
.append('table');
@@ -110,7 +110,7 @@
var tr = tbody.append('tr');
function addCell(cls, txt) {
- tr.append('td').attr('class', cls).html(txt);
+ tr.append('td').attr('class', cls).text(txt);
}
addCell('label', friendlyProps[index] + ' :');
addCell('value', value);
@@ -120,7 +120,7 @@
var tr = tbody.append('tr');
function addCell(cls, txt) {
- tr.append('td').attr('class', cls).html(txt);
+ tr.append('td').attr('class', cls).text(txt);
}
addCell('label', label + ' :');
addCell('value', value);
@@ -128,7 +128,7 @@
function populateTop(details) {
is.loadEmbeddedIcon(iconDiv, 'flowTable', 40);
- top.select('h2').html(details.flowId);
+ top.select('h2').text(details.flowId);
var tbody = topTable.append('tbody');