From 91f69858e49c3981d31eeee428c7bf3cd5e142fe Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Mon, 18 Jun 2012 09:42:31 +0200 Subject: [PATCH] escape log messages to avoid possible js execution --- settings/js/log.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings/js/log.js b/settings/js/log.js index 6063c7d9a9..bde8b8b104 100644 --- a/settings/js/log.js +++ b/settings/js/log.js @@ -39,7 +39,7 @@ OC.Log={ row.append(appTd); var messageTd=$(''); - messageTd.text(entry.message); + messageTd.text(entry.message.replace(//, ">")); row.append(messageTd); var timeTd=$('');