vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Make sure we use the sanitized command everywhere we are injecting HTML

Browse source
This commit is contained in:
Joseph Schorr 2014-01-14 15:26:31 -05:00
parent 6ae9485038
commit e7e39e6146
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
static/js/controllers.js
View file

@ -59,7 +59,7 @@ function GuideCtrl($scope) {
function SecurityCtrl($scope) {
}
function RepoListCtrl($scope, Restangular, UserService, ApiService) {
function RepoListCtrl($scope, $sanitize, Restangular, UserService, ApiService) {
$scope.namespace = null;
$scope.page = 1;
$scope.publicPageCount = null;
@ -562,6 +562,11 @@ function RepoCtrl($scope, $sanitize, Restangular, ApiService, $routeParams, $roo
});
};
var getSanitizedCommand = function(command) {
var formatted = getFormattedCommand(command);
return $sanitize(formatted);
};
var listImages = function() {
var params = {'repository': namespace + '/' + name};
$scope.imageHistory = ApiService.listRepositoryImagesAsResource(params).get(function(resp) {
@ -582,7 +587,7 @@ function RepoCtrl($scope, $sanitize, Restangular, ApiService, $routeParams, $roo
// Create the new tree.
$scope.tree = new ImageHistoryTree(namespace, name, resp.images,
getFirstTextLine, $scope.getTimeSince, $scope.getFormattedCommand);
getFirstTextLine, $scope.getTimeSince, getSanitizedCommand);
$scope.tree.draw('image-history-container');