Escape special chars in tooltip & text of TreeBuilder's root

Those two items may contain characters which would make javascript fail later down the road (apostrophes for example). https://bugzilla.redhat.com/show_bug.cgi?id=1594480
ManageIQ · Jun 27, 2018 · 522bded · 522bded
1 parent b391af1
commit 522bded
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/presenters/tree_builder.rb b/app/presenters/tree_builder.rb
@@ -173,7 +173,7 @@ def add_to_sandbox
   end
 
   def add_root_node(nodes)
-    root = nodes.first.merge!(root_options)
+    root = nodes.first.merge!(%i(text tooltip).each_with_object(root_options) { |key, hsh| hsh[key] = ERB::Util.html_escape(hsh[key]) })
     if root[:image]
       root[:image] = ActionController::Base.helpers.image_path(root[:image])
     else