diff --git a/avAdmin/admin-directives/create/create.html b/avAdmin/admin-directives/create/create.html
index 4f2b86fd..c14c05c9 100644
--- a/avAdmin/admin-directives/create/create.html
+++ b/avAdmin/admin-directives/create/create.html
@@ -9,7 +9,7 @@

[i18next]({'title': election.title, 'index': $index+1})avAdmin.ba - + diff --git a/avAdmin/admin-directives/create/create.js b/avAdmin/admin-directives/create/create.js index 6e07850b..68000293 100644 --- a/avAdmin/admin-directives/create/create.js +++ b/avAdmin/admin-directives/create/create.js @@ -26,6 +26,7 @@ angular.module('avAdmin') ElectionsApi, $state, $stateParams, + $sanitize, $i18next, $filter, $modal, @@ -69,11 +70,11 @@ angular.module('avAdmin') } function logInfo(text) { - scope.log += "

" + text + "

"; + scope.log += "

" + $sanitize(text) + "

"; } function logError(text) { - scope.log += "

" + text + "

"; + scope.log += "

" + $sanitize(text) + "

"; } function validateEmail(email) { var re = /^[^\s@]+@[^\s@.]+\.[^\s@.]+$/; @@ -1078,7 +1079,7 @@ angular.module('avAdmin') election: el, error: function (errorMsg) { scope.errors.push({ - data: {message: errorMsg}, + data: {message: $sanitize($sanitize)(errorMsg)}, key: "election-census-createel-unknown" }); }, @@ -1316,7 +1317,7 @@ angular.module('avAdmin') data: scope.elections, onError: function (errorKey, errorData) { scope.errors.push({ - data: errorData, + data: $sanitize(errorData), key: errorKey }); } diff --git a/avAdmin/admin-directives/elections/elections.html b/avAdmin/admin-directives/elections/elections.html index da7f22db..fe58db03 100644 --- a/avAdmin/admin-directives/elections/elections.html +++ b/avAdmin/admin-directives/elections/elections.html @@ -84,7 +84,7 @@
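Review bot: `$sanitize(text)` in `logInfo` and `logError` removes unsafe markup but keeps every tag and attribute on its allow-list, so text that originates from a server response can still add its own markup to `scope.log`. If log entries are meant to be plain text, HTML-encoding `text` before concatenation, or rendering the entries through a text binding, would be the tighter control. How `scope.log` is bound in the template is not visible in this hunk, and the wrapper markup of both strings has been stripped from this extract. The two functions appear to differ only in that wrapper, so a single helper would keep the sanitisation in one place.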
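Review bot: `$sanitize($sanitize)(errorMsg)` in the `error` callback passes the sanitizer service to itself and then calls its return value, which is a string, as a function. The callback would therefore throw a TypeError, and the `election-census-createel-unknown` entry would never reach `scope.errors`, so the failure the callback is meant to report is hidden from the administrator. The line should read `data: {message: $sanitize(errorMsg)},`. The call that receives this options object starts and ends outside the hunk.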
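Review bot: `$sanitize(errorData)` in `onError` is applied to the whole `errorData` value, while the other call site in this file builds `data` as an object (`{message: ...}`). If `errorData` is an object here as well, it will not survive as one, and the fields the error message interpolates are lost. Sanitising each string field and passing the object through keeps its shape. The shape of `errorData` is not visible in this hunk, so confirm it against the code that calls `onError`.

```javascript
onError: function (errorKey, errorData) {
  // $sanitize() works on strings; apply it per field so the object shape is kept
  var safeData = {};
  angular.forEach(errorData, function (value, field) {
    safeData[field] = angular.isString(value) ? $sanitize(value) : value;
  });
  scope.errors.push({
    data: safeData,
    key: errorKey
  });
}
```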

{{ draft.title }}
+ ng-bind="draft.description | htmlToText | truncate:150">
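Review bot: `htmlToText` is not defined anywhere in this diff, so whether `draft.description | htmlToText | truncate:150` is safe for hostile descriptions depends on code outside the review. The same expression is added for `election.description` and `childElection.description` in the next two hunks. `ng-bind` writes its value as text, so the output side is fine. The filter itself should convert markup without handing the description to a live DOM element, and should return an empty string when the description is missing. A short comment at the filter definition stating that it must never interpret its input as HTML in the page's document would help the next maintainer.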
@@ -122,7 +122,7 @@

{{ election.title }}
+ ng-bind="election.description | htmlToText | truncate:150">
@@ -142,7 +142,7 @@

{{ childElection.title }}
+ ng-bind="childElection.description | htmlToText | truncate:150">

avAdmin.basic.description.label
avAdmin.sidebar.questions