vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix XSS injection when changing service key friendly name

Browse source
This commit is contained in:
Sida Chen 2019-03-12 18:24:44 -04:00
parent 21028ab3fa
commit 9afdf3c299
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
static/js/directives/ui/service-keys-manager.js
View file

@ -11,7 +11,7 @@ angular.module('quay').directive('serviceKeysManager', function () {
scope: {
'isEnabled': '=isEnabled'
},
controller: function($scope, $element, ApiService, TableService, UIService) {
controller: function($scope, $element, $sanitize, ApiService, TableService, UIService) {
$scope.options = {
'filter': null,
'predicate': 'expiration_datetime',
@ -98,7 +98,7 @@ angular.module('quay').directive('serviceKeysManager', function () {
$scope.showChangeName = function(key) {
bootbox.prompt({
'size': 'small',
'title': 'Enter a friendly name for key ' + $scope.getKeyTitle(key),
'title': 'Enter a friendly name for key ' + $sanitize($scope.getKeyTitle(key)),
'value': key.name || '',
'callback': function(value) {
if (value != null) {