prevent delete role xss
Juanfran
parent
60e86656ee
commit
e2ac1d1470
|
|
@ -95,22 +95,23 @@ class ConfirmService extends taiga.Service
|
||||||
el = angular.element(lightboxSelector)
|
el = angular.element(lightboxSelector)
|
||||||
|
|
||||||
# Render content
|
# Render content
|
||||||
el.find(".title").html(title)
|
el.find(".title").text(title)
|
||||||
el.find(".subtitle").html(subtitle)
|
el.find(".subtitle").text(subtitle)
|
||||||
|
|
||||||
if replacement
|
if replacement
|
||||||
el.find(".replacement").html(replacement)
|
el.find(".replacement").text(replacement)
|
||||||
else
|
else
|
||||||
el.find(".replacement").remove()
|
el.find(".replacement").remove()
|
||||||
|
|
||||||
if warning
|
if warning
|
||||||
el.find(".warning").html(warning)
|
el.find(".warning").text(warning)
|
||||||
else
|
else
|
||||||
el.find(".warning").remove()
|
el.find(".warning").remove()
|
||||||
|
|
||||||
choicesField = el.find(".choices")
|
choicesField = el.find(".choices")
|
||||||
choicesField.html('')
|
choicesField.html('')
|
||||||
_.each choices, (value, key) ->
|
_.each choices, (value, key) ->
|
||||||
|
value = _.escape(value)
|
||||||
choicesField.append(angular.element("<option value='#{key}'>#{value}</option>"))
|
choicesField.append(angular.element("<option value='#{key}'>#{value}</option>"))
|
||||||
|
|
||||||
# Assign event handlers
|
# Assign event handlers
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue