OpenStack Dashboard (Horizon)

  1. Bug #1449260
  2. Comment #4

Comment 4 for bug 1449260

Revision history for this message
Doug Fish (drfish) wrote : Re: Sanitation of metadata label

I've spent a bit of time looking at this. I can confirm the problem.

The problem is in our angular metadata widget. When item.leaf.name is used in html such as in horizon/static/angular/metadata-tree/metadata-tree-item.html it needs to be escaped. I'm not sure if that's better accomplished in the template or the js.