add htmlEncode to various fields

add htmlEnode as a renderer to fields which lets you
input arbitrary strings, to prevent html tags

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>

www/manager/dc/AuthView.js

@@ -132,6 +132,7 @@ Ext.define('PVE.dc.AuthView', {
 		    header: gettext('Comment'),
 		    sortable: false,
 		    dataIndex: 'comment',
+		    renderer: Ext.String.htmlEncode,
 		    flex: 1
 		}
 	    ],

www/manager/dc/GroupView.js

@@ -95,6 +95,7 @@ Ext.define('PVE.dc.GroupView', {
 		{
 		    header: gettext('Comment'),
 		    sortable: false,
+		    renderer: Ext.String.htmlEncode,
 		    dataIndex: 'comment',
 		    flex: 1
 		}

www/manager/dc/PoolView.js

@@ -96,6 +96,7 @@ Ext.define('PVE.dc.PoolView', {
 		    header: gettext('Comment'),
 		    sortable: false,
 		    dataIndex: 'comment',
+		    renderer: Ext.String.htmlEncode,
 		    flex: 1
 		}
 	    ],

www/manager/dc/SecurityGroups.js

@@ -167,7 +167,7 @@ Ext.define('PVE.SecurityGroupList', {
 	    selModel: sm,
 	    columns: [
 		{ header: gettext('Group'), dataIndex: 'group', width: 100 },
-		{ header: gettext('Comment'), dataIndex: 'comment', flex: 1 }
+		{ header: gettext('Comment'), dataIndex: 'comment', renderer: Ext.String.htmlEncode, flex: 1 }
 	    ],
 	    listeners: {
 		itemdblclick: run_editor,

www/manager/dc/UserView.js

@@ -220,6 +220,7 @@ Ext.define('PVE.dc.UserView', {
 		    id: 'comment',
 		    header: gettext('Comment'),
 		    sortable: false,
+		    renderer: Ext.String.htmlEncode,
 		    dataIndex: 'comment',
 		    flex: 1
 		}

www/manager/grid/FirewallAliases.js

@@ -171,7 +171,7 @@ Ext.define('PVE.FirewallAliases', {
 	    columns: [
 		{ header: gettext('Name'), dataIndex: 'name', width: 100 },
 		{ header:  gettext('IP/CIDR'), dataIndex: 'cidr', width: 100 },
-		{ header: gettext('Comment'), dataIndex: 'comment', flex: 1 }
+		{ header: gettext('Comment'), dataIndex: 'comment', renderer: Ext.String.htmlEncode, flex: 1 }
 	    ],
 	    listeners: {
 		itemdblclick: run_editor

www/manager/ha/Groups.js

@@ -108,7 +108,8 @@ Ext.define('PVE.ha.GroupsView', {
 		{
 		    header: gettext('Comment'),
 		    flex: 1,
-		    dataIndex: 'comment'
+		    dataIndex: 'comment',
+		    renderer: Ext.String.htmlEncode
 		}
 	    ],
 	    listeners: {

www/manager/ha/Resources.js

@@ -133,7 +133,8 @@ Ext.define('PVE.ha.ResourcesView', {
 		{
 		    header: gettext('Description'),
 		    flex: 1,
-		    dataIndex: 'comment'
+		    dataIndex: 'comment',
+		    renderer: Ext.String.htmlEncode
 		}
 	    ],
 	    listeners: {

www/manager/lxc/SnapshotTree.js

@@ -279,7 +279,7 @@ Ext.define('PVE.lxc.SnapshotTree', {
 			if (record.data.name === 'current') {
 			    return gettext("You are here!");
 			} else {
-			    return value;
+			    return Ext.String.htmlEncode(value);
 			}
 		    }
 		}

www/manager/panel/IPSet.js

@@ -148,7 +148,7 @@ Ext.define('PVE.IPSetList', {
 	    selModel: sm,
 	    columns: [
 		{ header: 'IPSet', dataIndex: 'name', width: 100 },
-		{ header: gettext('Comment'), dataIndex: 'comment', flex: 1 }
+		{ header: gettext('Comment'), dataIndex: 'comment', renderer: Ext.String.htmlEncode, flex: 1 }
 	    ],
 	    listeners: {
 		itemdblclick: run_editor,

www/manager/pool/StatusView.js

@@ -13,6 +13,7 @@ Ext.define('PVE.pool.StatusView', {
 	var rows = {
 	    comment: {
 		header: gettext('Comment'), 
+		renderer: Ext.String.htmlEncode,
 		required: true
 	    }
 	};

www/manager/qemu/Options.js

@@ -242,6 +242,7 @@ Ext.define('PVE.qemu.Options', {
 	    smbios1: {
 		header: gettext('SMBIOS settings (type1)'),
 		defaultValue: '',
+		renderer: Ext.String.htmlEncode,
 		editor: caps.vms['VM.Config.HWType'] ? 'PVE.qemu.Smbios1Edit' : undefined
 	    },
 	    agent: {

www/manager/qemu/SnapshotTree.js

@@ -279,7 +279,7 @@ Ext.define('PVE.qemu.SnapshotTree', {
 			if (record.data.name === 'current') {
 			    return gettext("You are here!");
 			} else {
-			    return value;
+			    return Ext.String.htmlEncode(value);
 			}
 		    }
 		}