AMBARI-11648 Widgets: clone does not escape chars. (atkach)

ambari-web/app/mixins/common/widgets/widget_mixin.js

@@ -17,6 +17,7 @@
  */
 
 var App = require('app');
+var stringUtils = require('utils/string_utils');
 
 App.WidgetMixin = Ember.Mixin.create({
 
@@ -494,7 +495,7 @@ App.WidgetMixin = Ember.Mixin.create({
       function () {
         self.postWidgetDefinition(true);
       },
-      Em.I18n.t('widget.clone.body').format(self.get('content.widgetName')),
+      Em.I18n.t('widget.clone.body').format(stringUtils.htmlEntities(self.get('content.widgetName'))),
       null,
       null,
       Em.I18n.t('common.clone')

ambari-web/app/utils/string_utils.js

@@ -204,5 +204,15 @@ module.exports = {
       return plural;
     }
     return singular;
+  },
+
+  /**
+   * decode html entities
+   * @param {string} string
+   * @returns {string}
+   */
+  htmlEntities: function (string) {
+    if (typeof string !== 'string') return "";
+    return $("<div/>").text(string).html();
   }
 };

ambari-web/test/utils/string_utils_test.js

@@ -241,4 +241,18 @@ describe('string_utils', function () {
       });
     });
   });
+
+  describe("#htmlEntities()", function() {
+    var tests = [
+      {t: undefined, e: ''},
+      {t: '', e: ''},
+      {t: 'abc', e: 'abc'},
+      {t: 'abc<script>abc', e: 'abc&lt;script&gt;abc'}
+    ];
+    tests.forEach(function(test) {
+      it('Check ' + typeof test.t, function () {
+        expect(string_utils.htmlEntities(test.t)).to.equal(test.e);
+      });
+    });
+  });
 });