From 9d0cfacd67b92bbbea3fa3ff55743ffec7faa107 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Mon, 18 Jun 2012 09:42:31 +0200
Subject: [PATCH] escape log messages to avoid possible js execution

---
 settings/js/log.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/settings/js/log.js b/settings/js/log.js
index 6063c7d9a9..bde8b8b104 100644
--- a/settings/js/log.js
+++ b/settings/js/log.js
@@ -39,7 +39,7 @@ OC.Log={
 			row.append(appTd);
 			
 			var messageTd=$('<td/>');
-			messageTd.text(entry.message);
+			messageTd.text(entry.message.replace(/</, "&lt;").replace(/>/, "&gt;"));
 			row.append(messageTd);
 			
 			var timeTd=$('<td/>');
-- 
GitLab