Sanitize any html stack traces

niemyjski · niemyjski · commit 513f08f24cff · 2015-04-07T12:39:00.000-05:00
diff --git a/src/components/simple-stack-trace/simple-stack-trace-directive.js b/src/components/simple-stack-trace/simple-stack-trace-directive.js
@@ -4,11 +4,11 @@
   angular.module('exceptionless.simple-stack-trace', [
     'exceptionless.simple-error'
   ])
-    .directive('simpleStackTrace', ['simpleErrorService', function (simpleErrorService) {
+    .directive('simpleStackTrace', ['$sanitize', 'simpleErrorService', function ($sanitize, simpleErrorService) {
       function buildStackFrames(exceptions) {
         var frames = '';
         for (var index = 0; index < exceptions.length; index++) {
-          frames += '<div class="stack-frame">' + exceptions[index].stack_trace.replace(' ', '');
+          frames += '<div class="stack-frame">' + $sanitize(exceptions[index].stack_trace.replace(' ', ''));
 
           if (index < (exceptions.length - 1)) {
             frames += '<div>--- End of inner exception stack trace ---</div>';
@@ -33,9 +33,9 @@
             header += ' ---> ';
           }
 
-          header += '<span class="ex-type">' + exceptions[index].type + '</span>';
+          header += '<span class="ex-type">' + $sanitize(exceptions[index].type) + '</span>';
           if (exceptions[index].message) {
-            header += '<span class="ex-message">: ' + exceptions[index].message + '</span>';
+            header += '<span class="ex-message">: ' + $sanitize(exceptions[index].message) + '</span>';
           }
 
           header += '</span>';
diff --git a/src/components/stack-trace/stack-trace-directive.js b/src/components/stack-trace/stack-trace-directive.js
@@ -4,7 +4,7 @@
   angular.module('exceptionless.stack-trace', [
     'exceptionless.error'
   ])
-  .directive('stackTrace', ['errorService', function (errorService) {
+  .directive('stackTrace', ['$sanitize', 'errorService', function ($sanitize, errorService) {
     function buildParameter(parameter) {
       var result = '';
 
@@ -71,7 +71,7 @@
         }
       }
 
-      return result + '\r\n';
+      return $sanitize(result + '\r\n');
     }
 
     function buildStackFrames(exceptions) {
@@ -112,9 +112,9 @@
           header += ' ---> ';
         }
 
-        header += '<span class="ex-type">' + exceptions[index].type + '</span>';
+        header += '<span class="ex-type">' + $sanitize(exceptions[index].type) + '</span>';
         if (exceptions[index].message) {
-          header += '<span class="ex-message">: ' + exceptions[index].message + '</span>';
+          header += '<span class="ex-message">: ' + $sanitize(exceptions[index].message) + '</span>';
         }
 
         header += '</span>';

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@`
`4`	`4`	`angular.module('exceptionless.stack-trace', [`
`5`	`5`	`'exceptionless.error'`
`6`	`6`	`])`
`7`		`- .directive('stackTrace', ['errorService', function (errorService) {`
	`7`	`+ .directive('stackTrace', ['$sanitize', 'errorService', function ($sanitize, errorService) {`
`8`	`8`	`function buildParameter(parameter) {`
`9`	`9`	`var result = '';`
`10`	`10`
`@@ -71,7 +71,7 @@`
`71`	`71`	`}`
`72`	`72`	`}`
`73`	`73`
`74`		`- return result + '\r\n';`
	`74`	`+ return $sanitize(result + '\r\n');`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`function buildStackFrames(exceptions) {`
`@@ -112,9 +112,9 @@`
`112`	`112`	`header += ' ---> ';`
`113`	`113`	`}`
`114`	`114`
`115`		`- header += '<span class="ex-type">' + exceptions[index].type + '</span>';`
	`115`	`+ header += '<span class="ex-type">' + $sanitize(exceptions[index].type) + '</span>';`
`116`	`116`	`if (exceptions[index].message) {`
`117`		`- header += '<span class="ex-message">: ' + exceptions[index].message + '</span>';`
	`117`	`+ header += '<span class="ex-message">: ' + $sanitize(exceptions[index].message) + '</span>';`
`118`	`118`	`}`
`119`	`119`
`120`	`120`	`header += '</span>';`