-rw-r--r--server/sonar-web/package.json1
-rw-r--r--server/sonar-web/src/main/js/apps/quality-profiles/views/ChangeProjectsView.js3
-rw-r--r--server/sonar-web/src/main/js/main/processes.js3
3 files changed, 5 insertions, 2 deletions
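diff --git a/server/sonar-web/package.json b/server/sonar-web/package.json
index efc4aaea629..e44e6d19da4 100644
--- a/server/sonar-web/package.json
+++ b/server/sonar-web/package.json
@@ -29,6 +29,7 @@
 "css-loader": "0.23.1",
 "d3": "3.5.6",
 "enzyme": "2.2.0",
+ "escape-html": "1.0.3",
 "eslint": "^3.4.0",
 "eslint-plugin-import": "^1.14.0",
 "eslint-plugin-react": "^6.2.0",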
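diff --git a/server/sonar-web/src/main/js/apps/quality-profiles/views/ChangeProjectsView.js b/server/sonar-web/src/main/js/apps/quality-profiles/views/ChangeProjectsView.js
index 5292bfa183e..e2c1178a73b 100644
--- a/server/sonar-web/src/main/js/apps/quality-profiles/views/ChangeProjectsView.js
+++ b/server/sonar-web/src/main/js/apps/quality-profiles/views/ChangeProjectsView.js
@@ -17,6 +17,7 @@
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
+import escapeHtml from 'escape-html';
 import ModalFormView from '../../../components/common/modal-form';
 import Template from '../templates/quality-profiles-change-projects.hbs';
 import { translate } from '../../../helpers/l10n';
@@ -40,7 +41,7 @@ export default ModalFormView.extend({
 readOnly: false,
 focusSearch: false,
 format (item) {
- return item.name;
+ return escapeHtml(item.name);
 },
 selectUrl: window.baseUrl + '/api/qualityprofiles/add_project',
 deselectUrl: window.baseUrl + '/api/qualityprofiles/remove_project',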
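Review bot: The new `format` body gives no hint why the name is escaped, and the reason is not visible in the hunk: presumably the formatter's return value is inserted into the page as HTML rather than as text, so a project name containing markup would otherwise be rendered. A one-line why-comment keeps the next maintainer from "simplifying" it back, e.g. `// formatter output is inserted as HTML, not text: escape the user-controlled project name`. Note that escape-html stringifies its argument, so an item without a `name` now yields the literal string "undefined" where the old code returned undefined; worth confirming callers always supply a name. The enclosing `ModalFormView.extend({ ... })` object starts and ends outside the hunk.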
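diff --git a/server/sonar-web/src/main/js/main/processes.js b/server/sonar-web/src/main/js/main/processes.js
index 48f4cfe81ed..98ac39b6e14 100644
--- a/server/sonar-web/src/main/js/main/processes.js
+++ b/server/sonar-web/src/main/js/main/processes.js
@@ -21,6 +21,7 @@ import $ from 'jquery';
 import _ from 'underscore';
 import Backbone from 'backbone';
 import Marionette from 'backbone.marionette';
+import escapeHtml from 'escape-html';
 import { translate } from '../helpers/l10n';
 import { getCSRFTokenName, getCSRFTokenValue } from '../helpers/request';
@@ -160,7 +161,7 @@ function handleAjaxError (jqXHR) {
 if (jqXHR.responseJSON != null && jqXHR.responseJSON.errors != null) {
 message = _.pluck(jqXHR.responseJSON.errors, 'msg').join('. ');
 }
- failBackgroundProcess(jqXHR.processId, message);
+ failBackgroundProcess(jqXHR.processId, escapeHtml(message));
 }
 }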
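Review bot: Escaping is applied at the call site in handleAjaxError rather than at the sink, so any other caller of failBackgroundProcess (none is visible in this hunk) still hands an unescaped message to whatever renders it; moving the `escapeHtml` call into failBackgroundProcess, or into the template that renders the message, would fix the sink once instead of relying on every caller to remember. The call would then read `failBackgroundProcess(jqXHR.processId, message);` with the escaping done inside. The initial value of `message` is assigned before the hunk, so whether it can be undefined (escape-html would turn that into the string "undefined") cannot be checked from here. handleAjaxError starts outside the hunk.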