Replace usage of .html(...) with .text(...) where possible; Wrap input with fs.sanitize(...) where .html() must be used. Change-Id: I39e20b6fb561b3a1801579ca6a86a5f94483e4a9

commit: 4ee25f210602ef1ab49d554b9992d7f009eea411 [log] [tgz]
author: Simon Hunt <simon@onlab.us> Thu May 18 13:10:09 2017 -0700
committer: Ray Milkey <ray@onlab.us> Fri May 19 15:58:42 2017 +0000
tree: 500ddd4368dd5a1fcb20ea774e32d8589b1879f7
parent: 542d75ba1597aca941b528adfd6365ca1e52de61 [diff] [blame]
diff --git a/web/gui/src/main/webapp/app/fw/widget/toolbar.js b/web/gui/src/main/webapp/app/fw/widget/toolbar.js
index 87252ab..b765208 100644
--- a/web/gui/src/main/webapp/app/fw/widget/toolbar.js
+++ b/web/gui/src/main/webapp/app/fw/widget/toolbar.js

@@ -188,7 +188,7 @@
         function rowSetText(text) {
             rowClear();
             currentRow.append('div').classed('tbar-row-text', true)
-                .html(text);
+                .text(text);
         }
 
         function rowAddButton(id, gid, cb, tooltip) {
commit	4ee25f210602ef1ab49d554b9992d7f009eea411	[log] [tgz]
author	Simon Hunt <simon@onlab.us>	Thu May 18 13:10:09 2017 -0700
committer	Ray Milkey <ray@onlab.us>	Fri May 19 15:58:42 2017 +0000
tree	500ddd4368dd5a1fcb20ea774e32d8589b1879f7
parent	542d75ba1597aca941b528adfd6365ca1e52de61 [diff] [blame]