diff --git a/ui/Gemfile.lock b/ui/Gemfile.lock
index f79b05b481..13c5505104 100644
--- a/ui/Gemfile.lock
+++ b/ui/Gemfile.lock
@@ -3,7 +3,7 @@ GEM
specs:
execjs (2.3.0)
json (1.8.2)
- libv8 (3.16.14.7)
+ libv8 (3.16.14.15)
ref (1.0.5)
sass (3.4.11)
therubyracer (0.12.1)
@@ -20,3 +20,6 @@ DEPENDENCIES
sass
therubyracer
uglifier
+
+BUNDLED WITH
+ 1.12.5
diff --git a/ui/javascripts/app/helpers.js b/ui/javascripts/app/helpers.js
index b7cd7ed674..49d68c7b3e 100644
--- a/ui/javascripts/app/helpers.js
+++ b/ui/javascripts/app/helpers.js
@@ -24,19 +24,19 @@ Ember.Handlebars.helper('sessionName', function(session) {
var name;
if (session.Name === "") {
- name = '' + session.ID + '';
+ name = '' + Handlebars.Utils.escapeExpression(session.ID) + '';
} else {
- name = '' + session.Name + '' + ' ' + session.ID + '';
+ name = '' + Handlebars.Utils.escapeExpression(session.Name) + '' + ' ' + Handlebars.Utils.escapeExpression(session.ID) + '';
}
return new Handlebars.SafeString(name);
});
Ember.Handlebars.helper('sessionMeta', function(session) {
- var meta = '' + session.Behavior + ' behavior
';
+ var meta = '' + Handlebars.Utils.escapeExpression(session.Behavior) + ' behavior
';
if (session.TTL !== "") {
- meta = meta + ', ' + session.TTL + ' TTL
';
+ meta = meta + ', ' + Handlebars.Utils.escapeExpression(session.TTL) + ' TTL
';
}
return new Handlebars.SafeString(meta);
@@ -46,7 +46,7 @@ Ember.Handlebars.helper('aclName', function(name, id) {
if (name === "") {
return id;
} else {
- return new Handlebars.SafeString(name + ' ' + id + '');
+ return new Handlebars.SafeString(Handlebars.Utils.escapeExpression(name) + ' ' + Handlebars.Utils.escapeExpression(id) + '');
}
});