use v-text instead of v-html

v-html interprets the string passed to it as raw html, without escaping. We should use v-text wherever possible.
2020-01-14 15:16:21 -05:00
parent d55a81ebdd
commit ffd3dd2d9d
4 changed files with 13 additions and 14 deletions
--- a/templates/portfolios/reports/application_and_env_spending.html
+++ b/templates/portfolios/reports/application_and_env_spending.html
@@ -37,19 +37,19 @@
              <tr>              
                <td>
                  <button v-on:click='toggle($event, applicationIndex)' class='icon-link icon-link--large'>
-                    <span v-html='application.name'></span>
+                    <span v-text='application.name'></span>
                    <template v-if='application.isVisible'>{{ Icon('caret_down') }}</template>
                    <template v-else>{{ Icon('caret_up') }}</template>
                  </button>
                </td>
                <td class="table-cell--align-right">
-                  <span v-html='formatDollars(application.this_month || 0)'></span>
+                  <span v-text='formatDollars(application.this_month || 0)'></span>
                </td>
                <td class="table-cell--align-right">
-                  <span v-html='formatDollars(application.last_month || 0)'></span>
+                  <span v-text='formatDollars(application.last_month || 0)'></span>
                </td>
                <td class="table-cell--align-right">
-                  <span v-html='formatDollars(application.total || 0)'></span>
+                  <span v-text='formatDollars(application.total || 0)'></span>
                </td>
              </tr>
              <tr 
@@ -58,16 +58,16 @@
                v-bind:class="[ index == application.environments.length -1 ? 'reporting-spend-table__env-row--last' : '']"
              >
                <td>
-                  <span class="reporting-spend-table__env-row-label" v-html='environment.name'></span>
+                  <span class="reporting-spend-table__env-row-label" v-text='environment.name'></span>
                </td>
                <td class="table-cell--align-right">
-                  <span v-html='formatDollars(environment.this_month || 0)'></span>
+                  <span v-text='formatDollars(environment.this_month || 0)'></span>
                </td>
                <td class="table-cell--align-right">
-                  <span v-html='formatDollars(environment.last_month || 0)'></span>
+                  <span v-text='formatDollars(environment.last_month || 0)'></span>
                </td>
                <td class="table-cell--align-right">
-                  <span v-html='formatDollars(environment.total || 0)'></span>
+                  <span v-text='formatDollars(environment.total || 0)'></span>
                </td>
              </tr>
            </template>