From 72835916907a7c4e95ce920459477a82092bd008 Mon Sep 17 00:00:00 2001
From: Jessica Wang
Date: Fri, 16 Mar 2012 11:52:58 -0700
Subject: [PATCH] cloudstack 3.0 UI - XSS - listView - editable field - fix a bug that editable field sanitized value twice.
---
 ui/scripts/ui/widgets/listView.js | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/ui/scripts/ui/widgets/listView.js b/ui/scripts/ui/widgets/listView.js
index 5120cdf63df..1f23ce61d1b 100644
--- a/ui/scripts/ui/widgets/listView.js
+++ b/ui/scripts/ui/widgets/listView.js
@@ -494,13 +494,13 @@
 $td.addClass('editable');
 // Put label into a span
- var value = $td.html();
- $('').html(_s(value)).appendTo($td.html(''));
+ var sanitizedValue = $td.html();
+ $('').html(sanitizedValue).appendTo($td.html(''));
 var $editArea = $('
').addClass('edit');
 var $editField = $('').addClass('edit').attr({
 type: 'text',
- value: value
+ value: cloudStack.sanitizeReverse(sanitizedValue)
 });
 var $actionButton = $('
').addClass('action');
 var $saveButton = $actionButton.clone().addClass('save').attr({
@@ -766,15 +766,15 @@
 if (field.converter) {
 content = _l(field.converter(content, dataItem));
 }
-
- $td.html(_s(content));
-
- if (field.editable) createEditField($td).appendTo($td);
- else {
- var sanitizedValue = $td.html();
+
+ if (field.editable) {
+ $td.html(_s(content));
+ createEditField($td).appendTo($td);
+ }
+ else {
 $td.html('');
 $td.append(
- $('').html(sanitizedValue)
+ $('').html(_s(content))
 );
 }
 });
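Review bot: In the first hunk, the edit-field code now inserts whatever `$td.html()` returns into the label span without escaping, so it is only safe when the caller has already run the cell content through `_s`; the name `sanitizedValue` states that assumption but nothing in the hunk enforces it. The one caller visible in this patch (second hunk, the `field.editable` branch) does escape first, but a precondition comment above the read, e.g. `// Caller must have set $td via $td.html(_s(...)); this markup is re-inserted as-is`, would keep a future caller from reintroducing the XSS. Round-tripping through `$td.html()` also makes the input's value depend on `cloudStack.sanitizeReverse` undoing exactly what the browser serialises (presumably including `&amp;`; its implementation is not visible here), so it may be simpler to read `var value = $td.text();` and set both the span text and the input value from that raw string. The enclosing function starts and ends outside the hunk.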
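Review bot: In the second hunk, the escaping call `_s(content)` is now repeated in both branches of the `if (field.editable)` block, so each sink has to remember it separately. Computing it once before the branch, `var sanitizedContent = _s(content);`, and passing that to both `.html()` calls keeps a single escaping point and makes it harder for a later branch to write raw `content` into the cell. The added `+` line that replaces the removed blank line appears to differ only in whitespace and could be dropped from the change. The enclosing function starts outside the hunk.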