Escaped the error message in the repositories page.

varshavaradarajan · varshavaradarajan · commit 6909484c9f5a · 2016-07-19T13:39:06.000+05:30
diff --git a/server/webapp/WEB-INF/rails.new/app/assets/javascripts/package_repository_configuration.js b/server/webapp/WEB-INF/rails.new/app/assets/javascripts/package_repository_configuration.js
@@ -83,8 +83,8 @@ PackageRepositoryConfiguration = function (pluginsContainer, configurationContai
                 invisible_field_errors.push(result.fieldErrors[field])
             }
             var divFieldContainer = inputField.parent();
-            jQuery(divFieldContainer).addClass("error")
-            jQuery(divFieldContainer).append("<span class='error'>" + result.fieldErrors[field] + "</span>");
+            jQuery(divFieldContainer).addClass("error");
+            jQuery(divFieldContainer).append(jQuery("<span class='error'></span>").text(result.fieldErrors[field]));
         }
         displayErrorMessagesOnVisibleFields(invisible_field_errors)
     }
diff --git a/server/webapp/WEB-INF/rails.new/spec/javascripts/package_repository_configuration_spec.js b/server/webapp/WEB-INF/rails.new/spec/javascripts/package_repository_configuration_spec.js
@@ -118,11 +118,11 @@ describe("package_repository_configuration", function () {
         assertEquals("No form submit errors should be found", "", jQuery('#ajax_form_submit_errors').html());
     });
 
-    it("testShouldSetErrorOnRelevantFieldsOnFailure", function () {
+    it("testShouldSetErrorOnRelevantFieldsOnFailureAfterEscaping", function () {
         var wasCalled = false;
         AjaxForm.jquery_ajax_submit = function (form, handler, about_to_submit_handler, form_error_binding_callback) {
             wasCalled = true;
-            var responseText = '{"fieldErrors":{"field1":["error 1"]},"globalErrors":["global1","global2"],"message":"Save failed","isSuccessful":false,"subjectIdentifier":"id"}';
+            var responseText = '{"fieldErrors":{"field1":["<error 1>"]},"globalErrors":["global1","global2"],"message":"Save failed","isSuccessful":false,"subjectIdentifier":"id"}';
             var xhr = function
                 () {
                 return {
@@ -135,7 +135,8 @@ describe("package_repository_configuration", function () {
         jQuery("#package_repositories_edit_form").submit();
         assertEquals(true, wasCalled);
         assertEquals("fieldWithErrors class should be added", 1, jQuery(".field.error [name='field1']").length);
-        assertEquals("field error should be added", "error 1", jQuery("span.error").html());
+        assertEquals("field error should be added", "&lt;error 1&gt;", jQuery("span.error").html());
+
     });
 
     it("testShouldDisplayErrorMessagesOnInvisibleFieldsAsGlobalErrors", function () {

Original file line number	Diff line number	Diff line change
`@@ -83,8 +83,8 @@ PackageRepositoryConfiguration = function (pluginsContainer, configurationContai`
`83`	`83`	`invisible_field_errors.push(result.fieldErrors[field])`
`84`	`84`	`}`
`85`	`85`	`var divFieldContainer = inputField.parent();`
`86`		`- jQuery(divFieldContainer).addClass("error")`
`87`		`- jQuery(divFieldContainer).append("<span class='error'>" + result.fieldErrors[field] + "</span>");`
	`86`	`+ jQuery(divFieldContainer).addClass("error");`
	`87`	`+ jQuery(divFieldContainer).append(jQuery("<span class='error'></span>").text(result.fieldErrors[field]));`
`88`	`88`	`}`
`89`	`89`	`displayErrorMessagesOnVisibleFields(invisible_field_errors)`
`90`	`90`	`}`