From 91dcb51d28df6a820ff936752a4f16774c6da806 Mon Sep 17 00:00:00 2001
From: Feilong Wang <flwang@catalyst.net.nz>
Date: Fri, 24 Aug 2018 05:53:36 +1200
Subject: [PATCH] Escape resource name

Change-Id: Ia39c6677fb5d53474611ef227cb793205a641a28
---
 distil_ui/api/distil_v2.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/distil_ui/api/distil_v2.py b/distil_ui/api/distil_v2.py
index 961abad..dc9b05d 100644
--- a/distil_ui/api/distil_v2.py
+++ b/distil_ui/api/distil_v2.py
@@ -18,6 +18,7 @@ import logging
 import six
 
 from django.conf import settings
+from django.utils.html import escape
 
 from openstack_dashboard.api import base
 
@@ -175,6 +176,8 @@ def _parse_invoice(invoice):
         for product in services["breakdown"]:
             for order_line in services["breakdown"][product]:
                 order_line["product"] = product
+                order_line["resource_name"] = escape(
+                    order_line["resource_name"])
                 details.append(order_line)
     LOG.debug("Got quotations successfully.")
     return parsed
@@ -193,6 +196,8 @@ def _parse_quotation(quotation, merged_quotations, region=None):
         for product in services["breakdown"]:
             for order_line in services["breakdown"][product]:
                 order_line["product"] = product
+                order_line["resource_name"] = escape(
+                    order_line["resource_name"])
                 details.append(order_line)
 
     return parsed