From a7066a5c856832b68e7046b39be657cc6cf478ad Mon Sep 17 00:00:00 2001
From: BaiJiangJie
Date: Tue, 30 Jul 2019 15:10:14 +0800
Subject: [PATCH] [Update] htmlEscape
---
 apps/perms/templates/perms/asset_permission_list.html | 3 ++-
 apps/terminal/templates/terminal/terminal_list.html | 5 +++--
 apps/users/templates/users/user_group_list.html | 3 ++-
 apps/users/templates/users/user_list.html | 5 +++--
 4 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/apps/perms/templates/perms/asset_permission_list.html b/apps/perms/templates/perms/asset_permission_list.html
index 122635763..95a92f16b 100644
--- a/apps/perms/templates/perms/asset_permission_list.html
+++ b/apps/perms/templates/perms/asset_permission_list.html
@@ -174,10 +174,11 @@ function initTable() {
 }
 }},
 {targets: 8, createdCell: function (td, cellData, rowData) {
+ var name = htmlEscape(rowData.name);
 var update_btn = '{% trans "Update" %}'.replace('{{ DEFAULT_PK }}', cellData);
 var del_btn = '{% trans "Delete" %}'
 .replace('{{ DEFAULT_PK }}', cellData)
- .replace('99991938', rowData.name);
+ .replace('99991938', name);
 if (rowData.inherit) {
 del_btn = del_btn.replace("mark", "disabled")
 }
diff --git a/apps/terminal/templates/terminal/terminal_list.html b/apps/terminal/templates/terminal/terminal_list.html
index 6676a26ab..53325694b 100644
--- a/apps/terminal/templates/terminal/terminal_list.html
+++ b/apps/terminal/templates/terminal/terminal_list.html
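Review bot: The escaped `name` is still handed to `.replace('99991938', name)` as a replacement string, so `$`-patterns in a permission name (`$&`, `$$` and the like) are expanded by `String.prototype.replace` instead of being inserted literally; HTML escaping presumably leaves `$` alone, though `htmlEscape` itself is not defined in this patch. A function replacement keeps the value literal: `.replace('99991938', function () { return name; })`. The same line appears in the terminal_list.html, user_group_list.html and user_list.html hunks (twice each in terminal_list.html and user_list.html). The `createdCell` callback opens inside this hunk and ends outside it.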
@@ -69,16 +69,17 @@ function initTable() {
 }
 }},
 {targets: 6, createdCell: function (td, cellData, rowData) {
+ var name = htmlEscape(rowData.name);
 var update_btn = '{% trans "Update" %}'
 .replace('{{ DEFAULT_PK }}', cellData);
 var delete_btn = '{% trans "Delete" %}'
 .replace('{{ DEFAULT_PK }}', cellData)
- .replace('99991938', rowData.name);
+ .replace('99991938', name);
 var accept_btn = '{% trans "Accept" %} '
 .replace('{{ DEFAULT_PK }}', cellData);
 var reject_btn = '{% trans "Reject" %}'
 .replace('{{ DEFAULT_PK }}', cellData)
- .replace('99991938', rowData.name);
+ .replace('99991938', name);
 if (rowData.is_accepted) {
 $(td).html(update_btn + delete_btn);
 } else {
diff --git a/apps/users/templates/users/user_group_list.html b/apps/users/templates/users/user_group_list.html
index 8d3bd3245..c2fa87357 100644
--- a/apps/users/templates/users/user_group_list.html
+++ b/apps/users/templates/users/user_group_list.html
@@ -67,11 +67,12 @@ function initTable() {
 $(td).html('' + innerHtml + '');
 }},
 {targets: 4, createdCell: function (td, cellData, rowData) {
+ var name = htmlEscape(rowData.name);
 var update_btn = '{% trans "Update" %}'
 .replace('{{ DEFAULT_PK }}', cellData);
 var del_btn = '{% trans "Delete" %}'
 .replace('{{ DEFAULT_PK }}', cellData)
- .replace('99991938', rowData.name);
+ .replace('99991938', name);
 if (rowData.id === 1) {
 $(td).html(update_btn)
 } else {
diff --git a/apps/users/templates/users/user_list.html b/apps/users/templates/users/user_list.html
index 0c74640de..a2bfde461 100644
--- a/apps/users/templates/users/user_list.html
+++ b/apps/users/templates/users/user_list.html
@@ -97,6 +97,7 @@ function initTable() {
 }
 }},
 {targets: 7, createdCell: function (td, cellData, rowData) {
+ var name = htmlEscape(rowData.name);
 var update_btn = "";
 if (rowData.role === 'Admin' && ('{{ request.user.role }}' !== 'Admin')) {
 update_btn = '{% trans "Update" %}';
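Review bot: The new `var name = htmlEscape(rowData.name);` line in terminal_list.html relies on a helper whose definition and escaping rules are not part of this patch, and the markup surrounding the `99991938` placeholder is not visible on this page. If the placeholder sits inside a quoted attribute of the delete and reject buttons, the helper has to encode `"` and `'` as well as `<`, `>` and `&`; that is worth confirming before relying on it here. A comment above the new line would record the intent, for example `// rowData.name comes from the API and ends up in $(td).html(); escape it for HTML text and attribute context`.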
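Review bot: The first context line of the user_group_list.html hunk, `$(td).html('' + innerHtml + '');`, still writes a concatenated string into a cell, and `innerHtml` is built outside the hunk, so it cannot be checked from here whether it carries `rowData` fields that need the same `htmlEscape` treatment. The commit escapes the group name only where the action buttons are built; the other column renderers in `initTable()` should get the same pass, since any of them that feeds API data to `.html()` has the problem this change fixes. If `innerHtml` is already escaped where it is assembled, a short comment at this call saying so would save the next reader the lookup.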
@@ -109,11 +110,11 @@ function initTable() {
 if (rowData.id === 1 || rowData.username === "admin" || rowData.username === "{{ request.user.username }}" || (rowData.role === 'Admin' && ('{{ request.user.role }}' !== 'Admin'))) {
 del_btn = '{% trans "Delete" %}'
 .replace('{{ DEFAULT_PK }}', cellData)
- .replace('99991938', rowData.name);
+ .replace('99991938', name);
 } else {
 del_btn = '{% trans "Delete" %}'
 .replace('{{ DEFAULT_PK }}', cellData)
- .replace('99991938', rowData.name);
+ .replace('99991938', name);
 }
 $(td).html(update_btn + del_btn)
 }}],
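Review bot: The unchanged condition at the top of this hunk places `{{ request.user.username }}` and `{{ request.user.role }}` inside JavaScript string literals, where Django's HTML auto-escaping is the wrong encoding. A quote in the value is rendered as an entity, so the comparison with `rowData.username` stops matching, and a backslash passes through unescaped into the script. Since this commit is about output encoding, `"{{ request.user.username|escapejs }}"` and the same filter on the role would fit the context. Whether usernames can contain such characters depends on validation that is not shown here. The enclosing `if` decides only which delete button is drawn, so the server still has to enforce the same restriction.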