From 84576ffc0e550ea3683098086a6bc79611741e7b Mon Sep 17 00:00:00 2001
From: Bruno Oliveira da Silva <bruno@abstractj.com>
Date: Thu, 8 Sep 2022 05:43:43 -0300
Subject: [PATCH] Merge pull request from GHSA-w9mf-83w3-fv49

* escape the output of the ui-select2

fixes XSS issue

* removed ES6 Destructuring assignment

* Update themes/src/main/resources/theme/base/admin/resources/js/services.js

Co-authored-by: Jon Koops <jonkoops@gmail.com>

Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
---
 .../theme/base/admin/resources/js/services.js          | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/themes/src/main/resources/theme/base/admin/resources/js/services.js b/themes/src/main/resources/theme/base/admin/resources/js/services.js
index 6855286e2b..b829f7ff6e 100755
--- a/themes/src/main/resources/theme/base/admin/resources/js/services.js
+++ b/themes/src/main/resources/theme/base/admin/resources/js/services.js
@@ -957,15 +957,11 @@ function clientSelectControl($scope, realm, Client) {
         delay: 500,
         allowClear: true,
         query: function (query) {
-            var data = {results: []};
             Client.query({realm: realm, search: true, clientId: query.term.trim(), max: 20}, function(response) {
-                data.results = response;
-                query.callback(data);
+                query.callback({ results: response.map(function (client) {
+                    return { id: client.id, text: client.clientId }
+                });
             });
-        },
-        formatResult: function(object, container, query) {
-            object.text = object.clientId;
-            return object.clientId;
         }
     };
 }