diff --git a/app/coffee/modules/common/confirm.coffee b/app/coffee/modules/common/confirm.coffee
index e56b4347..0f2b41fc 100644
--- a/app/coffee/modules/common/confirm.coffee
+++ b/app/coffee/modules/common/confirm.coffee
@@ -56,9 +56,9 @@ class ConfirmService extends taiga.Service
 el = angular.element(lightboxSelector)
 # Render content
- el.find("h2.title").html(title)
- el.find("span.subtitle").html(subtitle)
- el.find("span.message").html(message)
+ el.find("h2.title").text(title)
+ el.find("span.subtitle").text(subtitle)
+ el.find("span.message").text(message)
 # Assign event handlers
 el.on "click.confirm-dialog", "a.button-green", debounce 2000, (event) =>
diff --git a/app/modules/user-timeline/user-timeline-item/user-timeline-item-title.service.coffee b/app/modules/user-timeline/user-timeline-item/user-timeline-item-title.service.coffee
index 2d21c17b..f362ddf7 100644
--- a/app/modules/user-timeline/user-timeline-item/user-timeline-item-title.service.coffee
+++ b/app/modules/user-timeline/user-timeline-item/user-timeline-item-title.service.coffee
@@ -67,9 +67,11 @@ class UserTimelineItemTitle
 if value == null && timeline.getIn(["data", "value_diff", "key"]) == 'assigned_to'
 value = @translate.instant('ACTIVITY.VALUES.UNASSIGNED')
- return value
+ new_value = value
 else
- return timeline.getIn(["data", "value_diff", "value"]).first().get(1)
+ new_value = timeline.getIn(["data", "value_diff", "value"]).first().get(1)
+
+ return _.escape(new_value)
 sprint_name: (timeline, event) ->
 url = "project-taskboard:project=timeline.getIn(['data', 'project', 'slug']),sprint=timeline.getIn(['data', 'milestone', 'slug'])"
@@ -100,7 +102,7 @@ class UserTimelineItemTitle
 return @._getLink(url, text)
 role_name: (timeline, event) ->
- return timeline.getIn(['data', 'value_diff', 'value']).keySeq().first()
+ return _.escape(timeline.getIn(['data', 'value_diff', 'value']).keySeq().first())
 }
 constructor: (@translate) ->
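Review bot: Callers that pass markup or already-escaped text in `title`, `subtitle` or `message` will now see it rendered literally, because the three `.text()` calls under `# Render content` no longer interpret HTML. The call sites need an audit so that they hand over raw strings and do not escape a second time. The enclosing method starts and ends outside this hunk, and the other render paths of `ConfirmService` are not visible here; if any of them still writes caller-supplied strings with `.html()`, it needs the same change. To keep the calls from being reverted later I would record the intent next to them: `# Render as text: these strings may carry user-supplied data, do not use .html() here`.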
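Review bot: Escaping inside individual field getters (`return _.escape(new_value)` in this hunk and the `_.escape(...)` wrapper in `role_name` in the next one) covers only these two fields. Every other getter in the map has to remember to do the same, and `sprint_name` in the context lines passes its text to `@._getLink`, whose escaping is not visible in this diff. Encoding once where the parameters are interpolated into the title markup would be harder to get wrong; that code is outside both hunks, so treat this as something to check rather than a confirmed gap. Please also confirm the translation layer is not already escaping parameters (for example angular-translate's `escapeParameters` sanitize strategy), otherwise these values are encoded twice and users will see `&lt;` literally. Both getters now always return a string because `_.escape` stringifies its argument, so a short comment such as `# escaped here: the value is interpolated into the title markup` would document why.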