[bitbake-devel] [PATCH 02/27] toasterui: use text() instead of html()
Alex DAMIAN
alexandru.damian at intel.com
Mon Feb 9 18:01:32 UTC 2015
From: Belen Barros Pena <belen.barros.pena at intel.com>
Use the text() jQuery function instead of the html()
one for security reasons.
Signed-off-by: Belen Barros Pena <belen.barros.pena at intel.com>
---
lib/toaster/toastergui/static/js/layerdetails.js | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/toaster/toastergui/static/js/layerdetails.js b/lib/toaster/toastergui/static/js/layerdetails.js
index 2793225..9339ae8 100644
--- a/lib/toaster/toastergui/static/js/layerdetails.js
+++ b/lib/toaster/toastergui/static/js/layerdetails.js
@@ -252,10 +252,10 @@ function layerDetailsPageInit (ctx) {
break;
}
- alertMsg.append("You have deleted <strong>1</strong> layer from <a id=\"project-affected-name\"></a>: <span id=\"layer-affected-name\"></span>");
+ alertMsg.append("You have deleted <strong>1</strong> layer from <a id=\"project-affected-name\"></a>: <strong id=\"layer-affected-name\"></strong>");
}
- alertMsg.children("#layer-affected-name").html("<strong>" + ctx.layerVersion.name + "</strong>");
+ alertMsg.children("#layer-affected-name").text(ctx.layerVersion.name);
alertMsg.children("#project-affected-name").text(ctx.projectName);
alertMsg.children("#project-affected-name").attr("href", ctx.projectPageUrl);
$("#alert-area").show();
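Review bot: The `attr("href", ctx.projectPageUrl)` call near the end of this hunk is left without any scheme check, and jQuery's `.attr()` will accept a `javascript:` URL; unlike `.text()`, it neutralises nothing. If `ctx.projectPageUrl` is always generated by the server this is fine, but the hunk does not show that, so a comment such as `// projectPageUrl is server-generated, never user-supplied` would record the assumption. A comment above the changed line, e.g. `// text(), not html(): the layer name must never be parsed as markup`, would also stop a later styling change from reintroducing `html()`. `layerDetailsPageInit` starts and continues outside this hunk, so any other `html()` or `append()` calls fed from `ctx` cannot be checked from here.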
--
1.9.1