add global html sanitizer

2024-11-07 01:25:16 +00:00 · 2014-10-15 20:55:29 +08:00 · 2014-10-15 20:55:29 +08:00 · f483b61cfb
commit f483b61cfb
parent c2331988db
2 changed files with 11 additions and 2 deletions
--- a/rd_ui/app/scripts/filters.js
+++ b/rd_ui/app/scripts/filters.js
@ -75,4 +75,13 @@ angular.module('redash.filters', []).
      }
      return $sce.trustAsHtml(marked(text));
    }
-  }]);
+  }])
+
+  .filter('trustAsHtml', ['$sce', function ($sce) {
+    return function (text) {
+      if (!text) {
+        return "";
+      }
+      return $sce.trustAsHtml(text);
+    }
+  }]);
--- a/rd_ui/app/views/new_widget_form.html
+++ b/rd_ui/app/views/new_widget_form.html
@ -28,7 +28,7 @@
                            <ui-select-choices repeat="q in queries"
                                               refresh="searchQueries($select.search)"
                                               refresh-delay="0">
-                                <div ng-bind-html="q.name | highlight: $select.search | markdown"></div>
+                                <div ng-bind-html="q.name | highlight: $select.search | trustAsHtml"></div>
                            </ui-select-choices>
                        </ui-select>
                    </div>