
AMBARI-25384: Ambari Files View is Vulnerable to XSS attack (#3490)

Zhiguo Wu %!s(int64=3) %!d(string=hai) anos
pai
achega
379c98e84f

+ 1 - 1
contrib/views/files/src/main/resources/ui/app/components/delete-modal.js

@@ -80,7 +80,7 @@ export default Ember.Component.extend(OperationModal, {
           this.set('hasError', true);
           this.set('currentFailedPath', error.failed);
           this.set('currentServerFailureMessage', error.message);
-          this.set('currentFailureMessage', `Failed to delete <strong>${error.failed}</strong>.`);
+          this.set('currentFailureMessage', `Failed to delete <strong>${Ember.Handlebars.Utils.escapeExpression(error.failed)}</strong>.`);
           this.set('shouldRetry', error.retry);
           this.set('currentUnprocessedPaths', error.unprocessed);
         } else {
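Review bot: The sibling property set on the line above the changed one, `this.set('currentServerFailureMessage', error.message);`, still stores the server-supplied text unescaped, so if the template renders it with a triple-stash the same way it must render `currentFailureMessage` (the new line only makes sense if the `<strong>` markup is emitted as raw HTML), the same XSS remains through `error.message`; the template is not in the hunk, so this needs confirming. The more robust shape is to stop building HTML in JavaScript: keep `currentFailedPath` as plain data and let the template escape it, e.g. `Failed to delete <strong>{{currentFailedPath}}</strong>.` in the `.hbs` file, which removes the need for the inline `escapeExpression` call entirely. Note also that `escapeExpression` passes through any value exposing `toHTML()` (an Ember `SafeString`) unescaped, so the protection only holds while `error.failed` is a plain string; a short comment such as `// error.failed is rendered as raw HTML downstream; it must stay a plain string, never htmlSafe()` would document that assumption. The enclosing handler and the `export default Ember.Component.extend(...)` body start before and end after this hunk.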

+ 2 - 0
contrib/views/files/src/main/resources/ui/app/services/alert-messages.js

@@ -75,6 +75,8 @@ export default Ember.Service.extend({
 
   _processMessage: function(type, message, options, alertOptions) {
     this._clearMessagesIfRequired(alertOptions);
+    //escape html characters in the message
+    message = Ember.Handlebars.Utils.escapeExpression(message);
     let alertRecord = this._createAlert(message, type, options, alertOptions);
     if(alertRecord) {
       this.toggleProperty('alertsChanged');
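Review bot: Escaping inside `_processMessage` on the added line covers every caller of this service, but `Ember.Handlebars.Utils.escapeExpression` returns `SafeString` values (anything with a `toHTML()` method) untouched, so a caller that wraps attacker-influenced text in `Ember.String.htmlSafe()` before calling the service bypasses the new protection; whether any caller does so is not visible here. Conversely, callers that relied on passing legitimate markup in `message` will now see literal tags, so the contract change should be stated where it is made: `// message is always treated as plain text and HTML-escaped here; pass only plain strings (htmlSafe() values are NOT escaped by escapeExpression)`. The `options` and `alertOptions` arguments are forwarded to `_createAlert` unescaped on the next line; if any of them carries user-visible text (a title, for instance) it would need the same treatment, which I cannot confirm from this hunk. Reassigning the `message` parameter is fine in this Ember-era code base, though `const safeMessage = ...` would keep the original available for logging. `_processMessage` continues past the end of the hunk.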