SSDM-4453 : Links are now forced to use plain text display names, solves...

SSDM-4453 : Links are now forced to use plain text display names, solves issues with HTML/Javascript injection and webpage refreshes.

SVN: 37421

openbis_standard_technologies/dist/core-plugins/eln-lims/1/as/webapps/eln-lims/html/js/util/FormUtil.js

@@ -822,7 +822,8 @@ var FormUtil = new function() {
 		var click = function() {
 			mainController.changeView(view, permIdOrIdentifier, true);
 		}
-		var link = $("<a>", { "href" : href, "class" : "browser-compatible-javascript-link" }).append(displayName);
+		displayName = String(displayName).replace(/<(?:.|\n)*?>/gm, ''); //Clean any HTML tags
+		var link = $("<a>", { "href" : href, "class" : "browser-compatible-javascript-link" }).text(displayName);
 		link.click(click);
 		return link;
 	}

openbis_standard_technologies/dist/core-plugins/eln-lims/1/as/webapps/eln-lims/html/js/views/SideMenu/SideMenuWidgetView.js

@@ -179,7 +179,8 @@ function SideMenuWidgetView(sideMenuWidgetController, sideMenuWidgetModel) {
     
     this.getLinkForNode = function(displayName, menuId, view, viewData) {
     	var href = Util.getURLFor(menuId, view, viewData);
-        var $menuItemLink = $("<a>", {"href": href, "class" : "browser-compatible-javascript-link browser-compatible-javascript-link-tree" }).append(displayName);
+    	displayName = String(displayName).replace(/<(?:.|\n)*?>/gm, ''); //Clean any HTML tags
+        var $menuItemLink = $("<a>", {"href": href, "class" : "browser-compatible-javascript-link browser-compatible-javascript-link-tree" }).text(displayName);
         return $menuItemLink[0].outerHTML;
     }