Skip to content

Commit

Permalink
Escape <> in log messages to prevent html shenanigans. Fixes #3596
Browse files Browse the repository at this point in the history
  • Loading branch information
@connortechnology
Isaac Connor authored and connortechnology committed Feb 18, 2023
1 parent 1546fab commit e1028c1
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions web/skins/classic/views/js/log.js
View file
Expand Up @@ -50,8 +50,8 @@ function ajaxRequest(params) {
function processRows(rows) {
$j.each(rows, function(ndx, row) {
try {
row.Message = decodeURIComponent(row.Message);
} catch(e) {
row.Message = decodeURIComponent(row.Message).replace(/</g, "&lt;").replace(/>/g, "&gt;");
} catch (e) {
// ignore errors
}
});
Expand Down

0 comments on commit e1028c1

Please sign in to comment.