From: Belen Barros Pena <belen.barros.pena@intel.com>
Date: Mon, 2 Feb 2015 17:40:21 +0000 (+0000)
Subject: toasterui: use text() instead of html()
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b96457870b40ba60dd5c86d83c43093d09b70aea;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

toasterui: use text() instead of html()

Use the text() jQuery function instead of the html()
one for security reasons.

Signed-off-by: Belen Barros Pena <belen.barros.pena@intel.com>
---

diff --git a/lib/toaster/toastergui/static/js/layerdetails.js b/lib/toaster/toastergui/static/js/layerdetails.js
index 2793225d0c1..9339ae8bccf 100644
--- a/lib/toaster/toastergui/static/js/layerdetails.js
+++ b/lib/toaster/toastergui/static/js/layerdetails.js
@@ -252,10 +252,10 @@ function layerDetailsPageInit (ctx) {
           break;
       }
 
-      alertMsg.append("You have deleted <strong>1</strong> layer from <a id=\"project-affected-name\"></a>: <span id=\"layer-affected-name\"></span>");
+      alertMsg.append("You have deleted <strong>1</strong> layer from <a id=\"project-affected-name\"></a>: <strong id=\"layer-affected-name\"></strong>");
     }
 
-    alertMsg.children("#layer-affected-name").html("<strong>" + ctx.layerVersion.name + "</strong>");
+    alertMsg.children("#layer-affected-name").text(ctx.layerVersion.name);
     alertMsg.children("#project-affected-name").text(ctx.projectName);
     alertMsg.children("#project-affected-name").attr("href", ctx.projectPageUrl);
     $("#alert-area").show();