From 9d0cfacd67b92bbbea3fa3ff55743ffec7faa107 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle <schiessle@owncloud.com> Date: Mon, 18 Jun 2012 09:42:31 +0200 Subject: [PATCH] escape log messages to avoid possible js execution --- settings/js/log.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings/js/log.js b/settings/js/log.js index 6063c7d9a9..bde8b8b104 100644 --- a/settings/js/log.js +++ b/settings/js/log.js @@ -39,7 +39,7 @@ OC.Log={ row.append(appTd); var messageTd=$('<td/>'); - messageTd.text(entry.message); + messageTd.text(entry.message.replace(/</, "<").replace(/>/, ">")); row.append(messageTd); var timeTd=$('<td/>'); -- GitLab