escape before output, fixes #9041
This commit is contained in:
parent
4fbab3c12d
commit
3ebb1565a7
|
@ -94,7 +94,7 @@ DeleteHandler.prototype.showNotification = function() {
|
|||
}
|
||||
$('#notification').data(this.notificationDataID, true);
|
||||
var msg = this.notificationMessage.replace(this.notificationPlaceholder,
|
||||
this.oidToDelete);
|
||||
escapeHTML(this.oidToDelete));
|
||||
this.notifier.showHtml(msg);
|
||||
}
|
||||
};
|
||||
|
|
Loading…
Reference in New Issue