Merge pull request #110 from vrockai/KEYCLOAK-170

KEYCLOAK-170 escape HTML chars in Dialog service

admin-ui/src/main/resources/META-INF/resources/admin/js/services.js

@@ -15,9 +15,16 @@ module.service('Auth', function() {
 
 module.service('Dialog', function($dialog) {
 	var dialog = {};
+
+	var escapeHtml = function(str) {
+		var div = document.createElement('div');
+		div.appendChild(document.createTextNode(str));
+		return div.innerHTML;
+	};
+
 	dialog.confirmDelete = function(name, type, success) {
-		var title = 'Delete ' + type.charAt(0).toUpperCase() + type.slice(1);
-		var msg = '<span class="primary">Are you sure you want to permanently delete the ' + type + ' "' + name + '"?</span>' +
+		var title = 'Delete ' + escapeHtml(type.charAt(0).toUpperCase() + type.slice(1));
+		var msg = '<span class="primary">Are you sure you want to permanently delete the ' + escapeHtml(type) + ' "' + escapeHtml(name) + '"?</span>' +
             '<span>This action can\'t be undone.</span>';
 		var btns = [ {
 			result : 'cancel',