diff --git a/horizon/static/horizon/js/horizon.instances.js b/horizon/static/horizon/js/horizon.instances.js
index 942160e8c2..017d8023d5 100644
--- a/horizon/static/horizon/js/horizon.instances.js
+++ b/horizon/static/horizon/js/horizon.instances.js
@@ -45,25 +45,19 @@ horizon.instances = {
 * Initializes an associative array of lists of the current
 * networks.
 **/
- init_network_list: function() {
+ init_network_list: function () {
 horizon.instances.networks_selected = [];
 horizon.instances.networks_available = [];
- $(this.get_network_element("")).each(function(){
+ $(this.get_network_element("")).each(function () {
 var $this = $(this);
 var $input = $this.children("input");
- var name = $this.text().replace(/^\s+/,"")
- .replace(/&/g, '&')
- .replace(//g, '>')
- .replace(/"/g, '"')
- .replace(/'/g, ''')
- .replace(/\//g, '/');
+ var name = horizon.escape_html($this.text().replace(/^\s+/, ""));
 var network_property = {
- name:name,
- id:$input.attr("id"),
- value:$input.attr("value")
+ "name": name,
+ "id": $input.attr("id"),
+ "value": $input.attr("value")
 };
- if($input.is(':checked')) {
+ if ($input.is(":checked")) {
 horizon.instances.networks_selected.push(network_property);
 } else {
 horizon.instances.networks_available.push(network_property);
diff --git a/horizon/static/horizon/js/horizon.js b/horizon/static/horizon/js/horizon.js
index 8fe2544d7c..3caf127ee1 100644
--- a/horizon/static/horizon/js/horizon.js
+++ b/horizon/static/horizon/js/horizon.js
@@ -28,6 +28,16 @@ var Horizon = function () {
 initFunctions = [];
 };
+ /* An utility function for escaping HTML to avoid XSS. */
+ horizon.escape_html = function (text) {
+ return text.replace(/&/g, '&')
+ .replace(//g, '>')
+ .replace(/"/g, '"')
+ .replace(/'/g, ''')
+ .replace(/\//g, '/');
+ };
+ return horizon;
 };
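Review bot: Only `name` is passed through `horizon.escape_html` in `init_network_list`; `id` and `value` are copied from `$input.attr(...)` into `network_property` as they are. The code that renders these entries is outside this hunk, but if it builds markup by string concatenation, those two values need escaping at that point as well. Because `name` is now stored in escaped form, every consumer has to insert it as markup and never escape it again, so a comment above the assignment such as `// name is stored HTML-escaped: insert as markup, do not re-escape` would prevent double escaping later. The body of `init_network_list` continues past the end of the hunk.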
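Review bot: `horizon.escape_html` calls `text.replace` directly, so a `null`, `undefined` or numeric argument throws a TypeError before anything is escaped; starting the chain with `String(text == null ? "" : text)` keeps the helper usable for values read from attributes that may be missing. The comment should also state where the output is safe to use, for example `/* Escapes HTML metacharacters for element content and quoted attribute values; not sufficient for unquoted attributes, script, URL or CSS contexts. */`, since "to avoid XSS" reads as a blanket guarantee. The replacement strings on this page appear to have been entity-decoded in rendering, so the exact entities the helper emits could not be checked here.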