Sanitize test plan name in tree_view_html()
atodorov committed Jul 4, 2023
1 parent 1ae51fc commit 195ea53
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion tcms/testplans/models.py
Expand Up @@ -9,6 +9,7 @@

from tcms.core.history import KiwiHistoricalRecords
from tcms.core.models.base import UrlMixin
from tcms.core.templatetags.extra_filters import bleach_input
from tcms.management.models import Version
from tcms.testcases.models import TestCasePlan

Expand Down Expand Up @@ -213,6 +214,7 @@ def tree_view_html(self):
if test_plan.pk == self.pk:
active_class = "active"

plan_name = bleach_input(test_plan.name)
result += f"""
<!-- begin-node -->
<div class="list-group-item {active_class}" style="border: none">
Expand All @@ -228,7 +230,7 @@ def tree_view_html(self):
<div class="list-view-pf-description">
<div class="list-group-item-text">
<a href="{test_plan.get_absolute_url()}">
TP-{test_plan.pk}: {test_plan.name}
TP-{test_plan.pk}: {plan_name}
</a>
</div>
</div>
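Review bot: The new `plan_name = bleach_input(test_plan.name)` line runs an allowlist sanitizer on a value that is rendered as plain link text inside the `<a>` element, where HTML-escaping is the encoding that matches the context. `bleach_input` is defined in `tcms.core.templatetags.extra_filters`, outside this page, so its tag and attribute allowlist cannot be checked here; if it keeps any markup (it presumably exists for rich-text fields), a plan name could still carry those permitted tags into the tree view. Consider `plan_name = escape(test_plan.name)` with `from django.utils.html import escape`, or confirm that the allowlist is intended for names. The commit touches only `models.py`, so a regression test asserting that a plan name containing markup comes out neutralised in `tree_view_html()` output is missing. The f-string continues outside the visible hunks, so any other interpolated fields there should get the same check.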
