From 514b7cf3bf4db33714bc7b58e68c2d0107717c59 Mon Sep 17 00:00:00 2001
From: Belen Barros Pena <belen.barros.pena@intel.com>
Date: Mon, 2 Feb 2015 17:40:21 +0000
Subject: bitbake: toasterui: use text() instead of html()

Use the text() jQuery function instead of the html()
one for security reasons.

(Bitbake rev: b96457870b40ba60dd5c86d83c43093d09b70aea)

Signed-off-by: Belen Barros Pena <belen.barros.pena@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 bitbake/lib/toaster/toastergui/static/js/layerdetails.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'bitbake/lib')

diff --git a/bitbake/lib/toaster/toastergui/static/js/layerdetails.js b/bitbake/lib/toaster/toastergui/static/js/layerdetails.js
index 2793225..9339ae8 100644
--- a/bitbake/lib/toaster/toastergui/static/js/layerdetails.js
+++ b/bitbake/lib/toaster/toastergui/static/js/layerdetails.js
@@ -252,10 +252,10 @@ function layerDetailsPageInit (ctx) {
           break;
       }
 
-      alertMsg.append("You have deleted <strong>1</strong> layer from <a id=\"project-affected-name\"></a>: <span id=\"layer-affected-name\"></span>");
+      alertMsg.append("You have deleted <strong>1</strong> layer from <a id=\"project-affected-name\"></a>: <strong id=\"layer-affected-name\"></strong>");
     }
 
-    alertMsg.children("#layer-affected-name").html("<strong>" + ctx.layerVersion.name + "</strong>");
+    alertMsg.children("#layer-affected-name").text(ctx.layerVersion.name);
     alertMsg.children("#project-affected-name").text(ctx.projectName);
     alertMsg.children("#project-affected-name").attr("href", ctx.projectPageUrl);
     $("#alert-area").show();
-- 
cgit v1.1