Fix for XSS issue from #381

Snorby · Jul 21, 2015 · 5069d58 · 5069d58
1 parent 897e987
commit 5069d58
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/views/saved_searches/view.html.erb b/app/views/saved_searches/view.html.erb
@@ -16,7 +16,7 @@
         }, function() {
           rule.build(data.search);
 
-          $('#title-header').replaceWith('<div class="edit edit-search-title" id="title-header">'+data.title+'</div><span class="sub-title">(click to edit)</span>');
+          $('#title-header').replaceWith('<div class="edit edit-search-title" id="title-header">'+sanitize data.title+'</div><span class="sub-title">(click to edit)</span>');
 
           $('.edit-search-title').editable(baseuri + "/saved/searches/title", {
             height: '20px',