diff --git a/security-admin/src/main/webapp/scripts/modules/XAOverrides.js b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js index 369b0f65ae..c2f8151db8 100644 --- a/security-admin/src/main/webapp/scripts/modules/XAOverrides.js +++ b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js @@ -826,7 +826,7 @@ .attr('placeholder','Select component'); var optionList = _.keys(this.servicePerms); _.each(optionList, function (val, el) { - $selectComp.append(""); + $selectComp.append(""); }); var $table = $('', {'class':'table table-policy-condition table-perms margin-top-6' }); var $tbody = $(''); @@ -939,7 +939,7 @@ } }, addTr : function(compName){ - var $tr = $(''), $th = $(''), $th = $('') + $data.push('') }); if($data.length > 0){ that.$el.find(that.ui.conditionData).html($data); diff --git a/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js b/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js index 40cfd6d62a..6b38948497 100644 --- a/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js +++ b/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js @@ -243,9 +243,9 @@ define(function(require){ this.collection.each(function(m){ if(m.get('attributeName') == 'Group Name'){ if(m.get('action') == 'create' || m.get('action') == 'update') - that.newGroupList.push(m.get('parentObjectName')); + that.newGroupList.push(_.escape(m.get('parentObjectName'))); if(m.get('action') == 'delete' || m.get('action') == 'update') - that.previousGroupList.push(m.get('parentObjectName')); + that.previousGroupList.push(_.escape(m.get('parentObjectName'))); modelArr.push(m); } else if(m.get('attributeName') == 'User Role'){ var newRole; diff --git a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js index ebdd2a0b26..b7bae7b1bb 100644 
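Review bot: The two `push` calls in the OperationDiffDetail.js hunk now store HTML-escaped copies of `parentObjectName` in `newGroupList` and `previousGroupList`, which moves escaping from the render sink into the view's data. If those arrays are later compared against unescaped names (for instance to work out which groups were added or removed) or rendered through a template that escapes on its own, a group name containing `&`, `<` or `'` will either miss the comparison or come out double-escaped as `&amp;amp;`. Unless the lists are only ever concatenated into raw HTML, prefer to keep `that.newGroupList.push(m.get('parentObjectName'));` and apply `_.escape` at the point where the list is written into the DOM. Where these lists are consumed is outside the hunk, so this needs confirming against the rest of the view.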
--- a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js +++ b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js @@ -384,9 +384,9 @@ define(function(require) {'use strict'; var access_str = ''; _.each(model.get('accesses'),function(access,index){ if(index < 4){ - access_str += '' + access.type+'' + " "; + access_str += '' + _.escape(access.type)+'' + " "; } else { - access_str += ''+ " "; + access_str += ''+ " "; } }); if(model.get('accesses').length > 4) { @@ -566,7 +566,7 @@ define(function(require) {'use strict'; fromRaw: function (rawValue, model) { var labels =""; if(!_.isUndefined(rawValue) && rawValue.length != 0){ - return ''+rawValue+'' + return ''+_.escape(rawValue)+'' }else{ return ''+"--"+''; } diff --git a/security-admin/src/main/webapp/scripts/views/service/AuditFilterConfig.js b/security-admin/src/main/webapp/scripts/views/service/AuditFilterConfig.js index 27e2aaecb5..c518cb2dec 100644 --- a/security-admin/src/main/webapp/scripts/views/service/AuditFilterConfig.js +++ b/security-admin/src/main/webapp/scripts/views/service/AuditFilterConfig.js @@ -184,7 +184,7 @@ define(function(require) { if(!_.isUndefined(id)){ var obj = _.findWhere(that.rangerServiceDefModel.attributes.accessTypes,{'name' : id}); permTypeArr.push({permType : obj.value}); - return "" + obj.label + ""; + return "" + _.escape(obj.label) + ""; } }); that.model.set('accessTypes', values); @@ -269,7 +269,7 @@ define(function(require) { if(!_.isUndefined(id)){ var obj = _.findWhere(srcData,{'value' : id}); permTypeArr.push({permType : obj.value}); - return "" + id.substr(0,id.indexOf(":")).toUpperCase() + ""; + return "" + _.escape(id.substr(0,id.indexOf(":"))).toUpperCase() + ""; } }); // Save form data to model 
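Review bot: In the second AuditFilterConfig.js hunk the new code escapes first and upper-cases afterwards, `_.escape(id.substr(0,id.indexOf(":"))).toUpperCase()`, so every entity the escaper emits is rewritten too (`&amp;` becomes `&AMP;`, `&#x27;` becomes `&#X27;`). Browsers happen to accept those legacy upper-case forms, but the safety of the output then depends on parser leniency rather than on the escaper, and escaping should be the last transformation before the string reaches the DOM. Swap the order so the escaped text is returned untouched: `_.escape(id.substr(0, id.indexOf(":")).toUpperCase())`. The enclosing callback and the `that.model.set(...)` that follows are only partly visible in this hunk.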
@@ -391,7 +391,7 @@ define(function(require) { var isRecursive = key.isRecursive ? XAEnums.RecursiveStatus.STATUS_RECURSIVE.label : XAEnums.RecursiveStatus.STATUS_NONRECURSIVE.label; $toggleBtn += ''+isRecursive+'' } - $dataResources += '
' + value + ':' + key.values.join(', ') +'
' + $toggleBtn +'
' + $dataResources += '
' + value + ':' + _.escape(key.values.join(', ')) +'
' + $toggleBtn +'
' }) $dataResources += '' this.$el.find('.js-formInput').html($dataResources); diff --git a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js index d443327c8e..700e4b8b0b 100755 --- a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js +++ b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js @@ -631,7 +631,7 @@ define(function(require){ sortable : false, formatter : _.extend({}, Backgrid.CellFormatter.prototype, { fromRaw : function (rawValue,model) { - return ('
'); } }),
ComponentPermissions
'), $label = ''+compName; + var $tr = $('
'), $label = ''+_.escape(compName); var $tmp = $th.append($label); var $td = $(''); var permissions = this.servicePerms[compName] diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js index 3c5907099a..cf4afe4c4b 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js +++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js @@ -213,7 +213,7 @@ define(function(require) { $.notify({ icon: 'fa-fw fa fa-exclamation-circle', title: 'Info!', - message: text + message: _.escape(text) }); }; @@ -231,7 +231,7 @@ define(function(require) { $.notify({ icon: 'fa-fw fa fa-exclamation-triangle', title: 'Error!', - message: text + message: _.escape(text) },{ type: 'danger', }); @@ -251,7 +251,7 @@ define(function(require) { $.notify({ icon: 'fa-fw fa fa-check-circle', title: 'Success!', - message: text + message: _.escape(text) },{ type: 'success' }); diff --git a/security-admin/src/main/webapp/scripts/views/kms/KMSTableLayout.js b/security-admin/src/main/webapp/scripts/views/kms/KMSTableLayout.js index 0116492002..9af2512dc9 100755 --- a/security-admin/src/main/webapp/scripts/views/kms/KMSTableLayout.js +++ b/security-admin/src/main/webapp/scripts/views/kms/KMSTableLayout.js @@ -200,7 +200,7 @@ define(function(require){ fromRaw: function (rawValue) { var html = ''; _.each(rawValue, function(val, key) { - html += key+' '+val+'
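Review bot: The three `$.notify` hunks in XAUtils.js now pass `_.escape(text)` as `message`, which is the right sink to harden since bootstrap-notify inserts the message as HTML. Two things are worth checking before merging: any caller that deliberately passes markup in `text` (a `<br>` or a link inside an error message) will now show the tags literally, and any caller that already escapes its argument will be double-escaped. A one-line comment above each `message:` such as `// $.notify renders message as HTML; callers must pass plain, unescaped text` would make the new contract explicit. The notify helpers' signatures lie outside the hunks.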
'; + html += _.escape(key)+' '+_.escape(val)+'
'; }); return html; } diff --git a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js index 7b8c4c8099..ef3e8f67f6 100644 --- a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js +++ b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js @@ -138,13 +138,13 @@ define(function(require) { if(userListData &&!_.isEmpty(userListData)) { var i , j; for(var i=0,j=0; i<=j+200 && userListData.length > i; i++){ - that.$el.find('.selectedUserList').append(' '+userListData[i].userName+'') + that.$el.find('.selectedUserList').append(' '+_.escape(userListData[i].userName)+'') } that.$el.find('.selectedUserList').scroll(function(position) { if (position.currentTarget.scrollHeight <= (position.currentTarget.clientHeight + position.currentTarget.scrollTop) + 10) { j = i; for(i; i<=j+200 && userListData.length > i; i++){ - that.$el.find('.selectedUserList').append(' '+userListData[i].userName+'') + that.$el.find('.selectedUserList').append(' '+_.escape(userListData[i].userName)+'') } that.$el.find('[data-js="selectedUserList"] span i').on('click', that.removeUser.bind(that)); } 
@@ -157,13 +157,13 @@ define(function(require) { if (groupListData && !_.isEmpty(groupListData)) { var m , n; for(var m=0,n=0; m<=n+200 && groupListData.length > m; m++){ - that.$el.find('.selectedGroupList').append(' '+groupListData[m].groupName+'') + that.$el.find('.selectedGroupList').append(' '+_.escape(groupListData[m].groupName)+'') } that.$el.find('.selectedGroupList').scroll(function(position) { if (position.currentTarget.scrollHeight <= (position.currentTarget.clientHeight + position.currentTarget.scrollTop) + 10) { n = m; for(m; m<=n+200 && groupListData.length > m; m++){ - that.$el.find('.selectedGroupList').append(' '+groupListData[m].groupName+'') + that.$el.find('.selectedGroupList').append(' '+_.escape(groupListData[m].groupName)+'') } that.$el.find('[data-js="selectedGroupList"] span i').on('click', that.removeGroup.bind(that)); } @@ -253,7 +253,7 @@ define(function(require) { var vals = [],selectedVals = []; var added = options.textKey == 'groupName' ? this.addedGroups : this.addedUsers; if(!_.isEmpty(added)){ - selectedVals = _.map(added, function(obj){ return obj.text; }); + selectedVals = _.map(added, function(obj){ return _.escape(obj.text); }); } vals.push.apply(vals , selectedVals); return vals; diff --git a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js index ca3db854db..cd3730bbaf 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js +++ b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js @@ -347,7 +347,7 @@ define(function(require) { if(!_.isUndefined(id)){ var obj = _.findWhere(that.rangerServiceDefModel.attributes.accessTypes,{'name' : id}); permTypeArr.push({permType : obj.value}); - return "" + obj.label + ""; + return "" + _.escape(obj.label) + ""; } }); var items=[]; 
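Review bot: In the last ModulePermissionForm.js hunk `selectedVals` is built from `_.escape(obj.text)`, so the array this function returns via `return vals;` now holds escaped strings rather than the original user or group names. If those values are used as select2 data or are saved back to the model, a group named `a&b` would be stored or matched as `a&amp;b`; escaping belongs where the text is written into markup, not in the value array. Unless this array is only ever concatenated into HTML, keep `return obj.text;` here and escape in the formatter that renders it. The function's head is outside the hunk, so how `vals` is consumed needs confirming.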
@@ -529,7 +529,7 @@ define(function(require) { if(!_.isUndefined(id)){ var obj = _.findWhere(srcData,{'value' : id}); permTypeArr.push({permType : obj.value}); - return "" + id.substr(0,id.indexOf(":")).toUpperCase() + ""; + return "" + _.escape(id.substr(0,id.indexOf(":"))).toUpperCase() + ""; } }); var items=[]; @@ -641,8 +641,8 @@ define(function(require) { $(this).siblings('[data-id="maskTypeCustom"]').val(" "); } - $(this).html(""+ value.substr(0,value.indexOf(":")).toUpperCase() +" : " - + obj.text +""); + $(this).html(""+ _.escape(value.substr(0,value.indexOf(":"))).toUpperCase() +" : " + + _.escape(obj.text) +""); that.ui.addMaskingTypeSpan.find('i').attr('class', 'fa-fw fa fa-pencil'); that.ui.addMaskingTypeSpan.attr('title','edit'); }, @@ -946,7 +946,7 @@ define(function(require) { $(this).siblings('[data-id="maskTypeCustom"]').val(" ") } - $(this).html("" + obj.text + ""); + $(this).html("" + _.escape(obj.text) + ""); that.ui.addMaskingTypeSpan.find('i').attr('class', 'fa-fw fa fa-pencil'); that.ui.addMaskingTypeSpan.attr('title','edit'); }, diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js index d6c5295c18..734b9e7afb 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js +++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js @@ -70,7 +70,7 @@ define(function(require){ if(m.type == inputFieldName){ tag = _.map(m.values.filter(Boolean), function(val){ if(!_.isEmpty(val)){ - return{'id':_.escape(val), 'text':_.escape(val)} + return{'id':val, 'text':val} } }); } @@ -88,7 +88,7 @@ define(function(require){ callback(tag); }, createSearchChoice: function(term, data) { - term = _.escape(term); + term = term; if ($(data).filter(function() { return this.text.localeCompare(term) === 0; }).length === 0) { 
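Review bot: In the `-529` and `-641` hunks of PermissionList.js `_.escape(...)` is applied before `.toUpperCase()`, which upper-cases the entities the escaper emits (`&amp;` becomes `&AMP;`, `&#x27;` becomes `&#X27;`). Browsers tolerate these legacy forms today, but escaping should be the final transformation so its output is never rewritten afterwards. Move the call outward: `_.escape(value.substr(0, value.indexOf(":")).toUpperCase())` on the `-641` line, and the same shape for the `id` expression on the `-529` line.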
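Review bot: The RangerPolicyConditions.js hunks remove `_.escape` from the select2 tag `id`/`text` and from `createSearchChoice`, and leave the no-op assignment `term = term;` behind. Dropping the escaping is only safe if this select2 instance escapes its own rendering, i.e. it does not set `escapeMarkup` to an identity function or use a custom `formatResult`/`formatSelection` that returns raw HTML; if it does, a condition value such as `<img src=x onerror=...>` would now be injected as markup when the tag is rendered. Please confirm the select2 options (they are outside the hunk) and either delete the dead `term = term;` line or replace it with a comment stating the reason for the change, presumably `// pass the raw value: select2 escapes on render, and escaping here double-encoded saved values`.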
diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js index 118dfe215c..394b161add 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js +++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js @@ -239,7 +239,7 @@ define(function(require){ _.each(that.model.get('conditions'), function(val){ console.log(that); var conditionName = that.rangerServiceDefModel.get('policyConditions').find(function(m){return m.name == val.type}); - $data.push('
'+_.escape(conditionName.label)+''+(val.values).toString()+'
'+_.escape(conditionName.label)+''+_.escape((val.values).toString())+'