Sanitize text that gets sent to Gritter for notifications,

#198
2016-03-31 20:06:46 -05:00 · 2016-03-31 20:06:46 -05:00 · 5bf922325a
parent b2b814a65b
commit 5bf922325a
4 changed files with 9 additions and 7 deletions
--- a/app/app.js
+++ b/app/app.js
@ -75,7 +75,7 @@ angular.module('dockerui', [
                    if (typeof(response.data) === 'string' && response.data.startsWith('Conflict.')) {
                        $.gritter.add({
                            title: 'Error',
-                            text: response.data,
+                            text: $('<div>').text(response.data).html(),
                            time: 10000
                        });
                    }
--- a/app/shared/services.js
+++ b/app/shared/services.js
@ -1,4 +1,4 @@
-angular.module('dockerui.services', ['ngResource'])
+angular.module('dockerui.services', ['ngResource', 'ngSanitize'])
    .factory('Container', ['$resource', 'Settings', function ContainerFactory($resource, Settings) {
        'use strict';
        // Resource for interacting with the docker containers
@ -171,13 +171,13 @@ angular.module('dockerui.services', ['ngResource'])
            }
        };
    })
-    .factory('Messages', ['$rootScope', function MessagesFactory($rootScope) {
+    .factory('Messages', ['$rootScope', '$sanitize', function MessagesFactory($rootScope, $sanitize) {
        'use strict';
        return {
            send: function (title, text) {
                $.gritter.add({
-                    title: title,
-                    text: text,
+                    title: $sanitize(title),
+                    text: $sanitize(text),
                    time: 2000,
                    before_open: function () {
                        if ($('.gritter-item-wrapper').length === 3) {
@ -188,8 +188,8 @@ angular.module('dockerui.services', ['ngResource'])
            },
            error: function (title, text) {
                $.gritter.add({
-                    title: title,
-                    text: text,
+                    title: $sanitize(title),
+                    text: $sanitize(text),
                    time: 10000,
                    before_open: function () {
                        if ($('.gritter-item-wrapper').length === 4) {
--- a/bower.json
+++ b/bower.json
@ -23,6 +23,7 @@
  "dependencies": {
    "Chart.js": "1.0.2",
    "angular": "1.3.15",
+    "angular-sanitize": "1.3.15",
    "angular-bootstrap": "0.12.0",
    "angular-mocks": "1.3.15",
    "angular-oboe": "*",
--- a/gruntFile.js
+++ b/gruntFile.js
@ -153,6 +153,7 @@ module.exports = function (grunt) {
            },
            angular: {
                src: ['bower_components/angular/angular.js',
+                    'bower_components/angular-sanitize/angular-sanitize.js',
                    'bower_components/angular-route/angular-route.js',
                    'bower_components/angular-resource/angular-resource.js',
                    'bower_components/angular-bootstrap/ui-bootstrap-tpls.js',