Merge pull request #326 from spadgett/sanitize-log

Sanitize HTML output for log viewer

Author: spadgett

dist/origin-web-common-ui.js

@@ -2604,7 +2604,7 @@ angular.module('openshiftCommonUI').factory('GuidedTourService', function() {
 'use strict';
 
 angular.module("openshiftCommonUI")
-  .factory("HTMLService", function(BREAKPOINTS) {
+  .factory("HTMLService", function($sanitize, BREAKPOINTS) {
     var WINDOW_SIZE_XXS = 'xxs';
     var WINDOW_SIZE_XS = 'xs';
     var WINDOW_SIZE_SM = 'sm';
@@ -2694,13 +2694,13 @@ angular.module("openshiftCommonUI")
         }
 
         // Replace any URLs with links.
-        return text.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(str) {
+        return $sanitize(text.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(str) {
           if (target) {
             return "<a href=\"" + str + "\" target=\"" + target + "\">" + str + " <i class=\"fa fa-external-link\" aria-hidden=\"true\"></i></a>";
           }
 
           return "<a href=\"" + str + "\">" + str + "</a>";
-        });
+        }));
       }
     };
   });

dist/origin-web-common.js

@@ -5850,7 +5850,7 @@ angular.module('openshiftCommonUI').factory('GuidedTourService', function() {
 'use strict';
 
 angular.module("openshiftCommonUI")
-  .factory("HTMLService", ["BREAKPOINTS", function(BREAKPOINTS) {
+  .factory("HTMLService", ["$sanitize", "BREAKPOINTS", function($sanitize, BREAKPOINTS) {
     var WINDOW_SIZE_XXS = 'xxs';
     var WINDOW_SIZE_XS = 'xs';
     var WINDOW_SIZE_SM = 'sm';
@@ -5940,13 +5940,13 @@ angular.module("openshiftCommonUI")
         }
 
         // Replace any URLs with links.
-        return text.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(str) {
+        return $sanitize(text.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(str) {
           if (target) {
             return "<a href=\"" + str + "\" target=\"" + target + "\">" + str + " <i class=\"fa fa-external-link\" aria-hidden=\"true\"></i></a>";
           }
 
           return "<a href=\"" + str + "\">" + str + "</a>";
-        });
+        }));
       }
     };
   }]);

dist/origin-web-common.min.js

@@ -2524,59 +2524,59 @@ closeTooltip: "x"
 },
 cancelTour: u
 };
-}), angular.module("openshiftCommonUI").factory("HTMLService", [ "BREAKPOINTS", function(e) {
+}), angular.module("openshiftCommonUI").factory("HTMLService", [ "$sanitize", "BREAKPOINTS", function(e, t) {
 return {
 WINDOW_SIZE_XXS: "xxs",
 WINDOW_SIZE_XS: "xs",
 WINDOW_SIZE_SM: "sm",
 WINDOW_SIZE_MD: "md",
 WINDOW_SIZE_LG: "lg",
 getBreakpoint: function() {
-return window.innerWidth < e.screenXsMin ? "xxs" : window.innerWidth < e.screenSmMin ? "xs" : window.innerWidth < e.screenMdMin ? "sm" : window.innerWidth < e.screenLgMin ? "md" : "lg";
+return window.innerWidth < t.screenXsMin ? "xxs" : window.innerWidth < t.screenSmMin ? "xs" : window.innerWidth < t.screenMdMin ? "sm" : window.innerWidth < t.screenLgMin ? "md" : "lg";
 },
-isWindowBelowBreakpoint: function(t) {
-switch (t) {
+isWindowBelowBreakpoint: function(e) {
+switch (e) {
 case "xxs":
 return !1;
 
 case "xs":
-return window.innerWidth < e.screenXsMin;
+return window.innerWidth < t.screenXsMin;
 
 case "sm":
-return window.innerWidth < e.screenSmMin;
+return window.innerWidth < t.screenSmMin;
 
 case "md":
-return window.innerWidth < e.screenMdMin;
+return window.innerWidth < t.screenMdMin;
 
 case "lg":
-return window.innerWidth < e.screenLgMin;
+return window.innerWidth < t.screenLgMin;
 
 default:
 return !0;
 }
 },
-isWindowAboveBreakpoint: function(t) {
-switch (t) {
+isWindowAboveBreakpoint: function(e) {
+switch (e) {
 case "xs":
-return window.innerWidth >= e.screenXsMin;
+return window.innerWidth >= t.screenXsMin;
 
 case "sm":
-return window.innerWidth >= e.screenSmMin;
+return window.innerWidth >= t.screenSmMin;
 
 case "md":
-return window.innerWidth >= e.screenMdMin;
+return window.innerWidth >= t.screenMdMin;
 
 case "lg":
-return window.innerWidth >= e.screenLgMin;
+return window.innerWidth >= t.screenLgMin;
 
 default:
 return !0;
 }
 },
-linkify: function(e, t, n) {
-return e ? (n || (e = _.escape(e)), e.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(e) {
-return t ? '<a href="' + e + '" target="' + t + '">' + e + ' <i class="fa fa-external-link" aria-hidden="true"></i></a>' : '<a href="' + e + '">' + e + "</a>";
-})) : e;
+linkify: function(t, n, r) {
+return t ? (r || (t = _.escape(t)), e(t.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(e) {
+return n ? '<a href="' + e + '" target="' + n + '">' + e + ' <i class="fa fa-external-link" aria-hidden="true"></i></a>' : '<a href="' + e + '">' + e + "</a>";
+}))) : t;
 }
 };
 } ]), angular.module("openshiftCommonUI").provider("NotificationsService", function() {

src/ui-services/htmlService.js

@@ -1,7 +1,7 @@
 'use strict';
 
 angular.module("openshiftCommonUI")
-  .factory("HTMLService", function(BREAKPOINTS) {
+  .factory("HTMLService", function($sanitize, BREAKPOINTS) {
     var WINDOW_SIZE_XXS = 'xxs';
     var WINDOW_SIZE_XS = 'xs';
     var WINDOW_SIZE_SM = 'sm';
@@ -91,13 +91,13 @@ angular.module("openshiftCommonUI")
         }
 
         // Replace any URLs with links.
-        return text.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(str) {
+        return $sanitize(text.replace(/https?:\/\/[A-Za-z0-9._%+-]+[^\s<]*[^\s.,()\[\]{}<>"\u201d\u2019]/gm, function(str) {
           if (target) {
             return "<a href=\"" + str + "\" target=\"" + target + "\">" + str + " <i class=\"fa fa-external-link\" aria-hidden=\"true\"></i></a>";
           }
 
           return "<a href=\"" + str + "\">" + str + "</a>";
-        });
+        }));
       }
     };
   });