From a7e47faa6172b8920845d648a97b53cc0b8155ef Mon Sep 17 00:00:00 2001
From: zmagod
Date: Tue, 10 Jul 2018 10:58:39 +0200
Subject: [PATCH] sanitizes the report name on repors index page [fixes SCI-2600]

---
 app/datatables/report_datatable.rb | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/app/datatables/report_datatable.rb b/app/datatables/report_datatable.rb
index 3edd0e934..5427af0e3 100644
--- a/app/datatables/report_datatable.rb
+++ b/app/datatables/report_datatable.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class ReportDatatable < CustomDatatable
+  include InputSanitizeHelper
+
   TABLE_COLUMNS = %w(
     Views::Datatables::DatatablesReport.project_name
     Views::Datatables::DatatablesReport.name
@@ -31,10 +33,10 @@ class ReportDatatable < CustomDatatable
     records.map do |record|
       {
         '0' => record.id,
-        '1' => record.project_name,
-        '2' => record.name,
-        '3' => record.created_by,
-        '4' => record.last_modified_by,
+        '1' => sanitize_input(record.project_name),
+        '2' => sanitize_input(record.name),
+        '3' => sanitize_input(record.created_by),
+        '4' => sanitize_input(record.last_modified_by),
         '5' => I18n.l(record.created_at, format: :full),
         '6' => I18n.l(record.updated_at, format: :full),
         'edit' => edit_project_report_path(record.project_id, record.id)
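Review bot: The four wrapped columns ('1' through '4') are plain-text display values — project name, report name and two user names — yet the new code passes them through `sanitize_input`, which from its name and the `InputSanitizeHelper` include in the first hunk appears to be an allowlist HTML sanitizer rather than an escaper; if that is the case, any allowed markup inside a name survives and is rendered as HTML by the datatable, so the stricter fix for text-only cells is `'2' => ERB::Util.html_escape(record.name),` (likewise for the other three) unless rich-text names are intended here. It is also worth confirming how `sanitize_input` treats a `nil` field such as an unset `last_modified_by`, since the previous code passed the raw value through and the JSON consumer may now see a different type. The enclosing method that builds this `records.map` starts and ends outside the hunk, so any other columns it emits were not reviewed.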