escape log messages to avoid possible js execution
This commit is contained in:
parent
d8048414aa
commit
9d0cfacd67
|
@ -39,7 +39,7 @@ OC.Log={
|
|||
row.append(appTd);
|
||||
|
||||
var messageTd=$('<td/>');
|
||||
messageTd.text(entry.message);
|
||||
messageTd.text(entry.message.replace(/</, "<").replace(/>/, ">"));
|
||||
row.append(messageTd);
|
||||
|
||||
var timeTd=$('<td/>');
|
||||
|
|
Loading…
Reference in New Issue