From 9afdf3c2990923a354a13ce04bcf68a4c5048669 Mon Sep 17 00:00:00 2001
From: Sida Chen
Date: Tue, 12 Mar 2019 18:24:44 -0400
Subject: [PATCH] Fix XSS injection when changing service key friendly name
---
 static/js/directives/ui/service-keys-manager.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/static/js/directives/ui/service-keys-manager.js b/static/js/directives/ui/service-keys-manager.js
index 636385019..295aa2692 100644
--- a/static/js/directives/ui/service-keys-manager.js
+++ b/static/js/directives/ui/service-keys-manager.js
@@ -11,7 +11,7 @@ angular.module('quay').directive('serviceKeysManager', function () {
 scope: {
 'isEnabled': '=isEnabled'
 },
- controller: function($scope, $element, ApiService, TableService, UIService) {
+ controller: function($scope, $element, $sanitize, ApiService, TableService, UIService) {
 $scope.options = {
 'filter': null,
 'predicate': 'expiration_datetime',
@@ -98,7 +98,7 @@ angular.module('quay').directive('serviceKeysManager', function () {
 $scope.showChangeName = function(key) {
 bootbox.prompt({
 'size': 'small',
- 'title': 'Enter a friendly name for key ' + $scope.getKeyTitle(key),
+ 'title': 'Enter a friendly name for key ' + $sanitize($scope.getKeyTitle(key)),
 'value': key.name || '',
 'callback': function(value) {
 if (value != null) {
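Review bot: The `$sanitize` parameter added to the controller signature resolves only if the `quay` module declares `ngSanitize` as a dependency, and that declaration is not visible in this patch. If it is missing, the directive fails at instantiation with an unknown-provider error instead of rendering, so the module definition is worth confirming alongside this change. The controller also relies on implicit parameter-name injection, which a minifying build without annotation would break; its body continues outside the hunk.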
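Review bot: `$sanitize` on the changed `'title'` line removes script-capable markup but still passes whitelisted HTML from the key name through, so a name can still place formatting, links or images in the dialog title. The key title is plain text, so it should be HTML-escaped rather than sanitized, for example `'title': 'Enter a friendly name for key ' + $('<div>').text($scope.getKeyTitle(key)).html(),` (jQuery is already required by bootbox). Any other bootbox dialog in this directive that concatenates a key title or name into its title or message would presumably need the same treatment. Those calls, and the rest of `showChangeName`, lie outside the hunk.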