From e7e39e6146c622603c482de3aea6c6cee5734ed5 Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Tue, 14 Jan 2014 15:26:31 -0500
Subject: [PATCH] Make sure we use the sanitized command everywhere we are injecting HTML
---
 static/js/controllers.js | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/static/js/controllers.js b/static/js/controllers.js
index e159a554b..caadff1fb 100644
--- a/static/js/controllers.js
+++ b/static/js/controllers.js
@@ -59,7 +59,7 @@ function GuideCtrl($scope) {
 function SecurityCtrl($scope) {
 }
-function RepoListCtrl($scope, Restangular, UserService, ApiService) {
+function RepoListCtrl($scope, $sanitize, Restangular, UserService, ApiService) {
 $scope.namespace = null;
 $scope.page = 1;
 $scope.publicPageCount = null;
@@ -562,6 +562,11 @@ function RepoCtrl($scope, $sanitize, Restangular, ApiService, $routeParams, $roo
 });
 };
+ var getSanitizedCommand = function(command) {
+ var formatted = getFormattedCommand(command);
+ return $sanitize(formatted);
+ };
+
 var listImages = function() {
 var params = {'repository': namespace + '/' + name};
 $scope.imageHistory = ApiService.listRepositoryImagesAsResource(params).get(function(resp) {
@@ -582,7 +587,7 @@ function RepoCtrl($scope, $sanitize, Restangular, ApiService, $routeParams, $roo
 // Create the new tree.
 $scope.tree = new ImageHistoryTree(namespace, name, resp.images,
- getFirstTextLine, $scope.getTimeSince, $scope.getFormattedCommand);
+ getFirstTextLine, $scope.getTimeSince, getSanitizedCommand);
 $scope.tree.draw('image-history-container');
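Review bot: The `$sanitize` parameter added to `RepoListCtrl` in the first hunk has no matching use anywhere in this patch, so a reader cannot tell which HTML-injecting path in that controller it protects. RepoListCtrl's body continues outside the hunk; if an existing call there already referenced `$sanitize`, it was presumably failing before this change and that is worth saying in the commit message. If there is no such call, the injection is dead and should be dropped. A short comment at the call site such as `// $sanitize: output is bound as HTML in the repo list template` would make the dependency auditable.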
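Review bot: `getSanitizedCommand` in the second hunk calls `getFormattedCommand(command)` as a bare identifier, while the line removed in the last hunk passed `$scope.getFormattedCommand`. No local of that name is declared in the visible lines (RepoCtrl's body starts and ends outside the hunk), so if the formatter exists only as a scope method this helper throws a ReferenceError the first time the tree formats a command; confirm the local exists or write `var formatted = $scope.getFormattedCommand(command);`. Sanitizing after formatting is the right order, and the reason belongs at the definition: going by the commit subject, something like `// ImageHistoryTree injects this callback's return value as HTML, so sanitize last.` Any template that still binds `$scope.getFormattedCommand` directly would bypass this wrapper, which is worth checking since the fix lives in the caller rather than at the sink.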