fix(hal browser): fix xss vulnerability

solarmosaic-kflorence · May 13, 2020 · ac56441 · ac56441
1 parent a79ad29
commit ac56441
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/vendor/hal-browser/browser.html b/vendor/hal-browser/browser.html
@@ -63,9 +63,10 @@ <h2>Links</h2>
         <% if ($.isArray(obj)) { %>
           <% _.each(obj, function(link, i) { %>
             <tr>
+              <!-- pact_broker escaping -->
               <td><strong><%= HAL.truncateIfUrl(rel) %></strong></td>
-              <td><%= link.title || '' %></td>
-              <td><%= link.name ? 'name: ' + link.name : 'index: ' + i %></a></td>
+              <td><%- link.title || '' %></td>
+              <td><%- link.name ? 'name: ' + link.name : 'index: ' + i %></a></td>
               <td>
               <% if (HAL.isUrl(rel)) { %>
                 <a class="dox" href="<%= HAL.normalizeUrl(HAL.buildUrl(rel)) %>"><i class="icon-book"></i></a>
@@ -86,8 +87,9 @@ <h2>Links</h2>
         <% } else { %>
           <tr>
             <td><strong><%= HAL.truncateIfUrl(rel) %></strong></td>
-            <td><%= obj.title || '' %></td>
-            <td><%= obj.name || '' %></td>
+            <!-- pact_broker escaping -->
+            <td><%- obj.title || '' %></td>
+            <td><%- obj.name || '' %></td>
             <td>
             <% if (HAL.isUrl(rel)) { %>
               <a class="dox" href="<%= HAL.normalizeUrl(HAL.buildUrl(rel)) %>"><i class="icon-book"></i></a>