Merge pull request #3409 from KeyboardNerd/xss

Fix XSS injection when changing service key friendly name
This commit is contained in:
Sida Chen 2019-03-12 18:26:58 -04:00 committed by GitHub
commit e7b89f8ab3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -11,7 +11,7 @@ angular.module('quay').directive('serviceKeysManager', function () {
scope: {
'isEnabled': '=isEnabled'
},
controller: function($scope, $element, ApiService, TableService, UIService) {
controller: function($scope, $element, $sanitize, ApiService, TableService, UIService) {
$scope.options = {
'filter': null,
'predicate': 'expiration_datetime',
@ -98,7 +98,7 @@ angular.module('quay').directive('serviceKeysManager', function () {
$scope.showChangeName = function(key) {
bootbox.prompt({
'size': 'small',
'title': 'Enter a friendly name for key ' + $scope.getKeyTitle(key),
'title': 'Enter a friendly name for key ' + $sanitize($scope.getKeyTitle(key)),
'value': key.name || '',
'callback': function(value) {
if (value != null) {