Skip to content
Permalink
Browse files

Fixes JENKINS-32652.

Escape the display name in order to avoid injection of HTML or JS code.
  • Loading branch information...
ialbors-pfc committed Feb 4, 2016
1 parent a74fd19 commit bd95c4d4476d1191d8eb0535be40328f38f3c0c1
Showing with 2 additions and 1 deletion.
  1. +2 −1 src/main/java/hudson/plugins/nextexecutions/NextBuilds.java
@@ -21,6 +21,7 @@
import org.joda.time.format.PeriodFormatterBuilder;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import hudson.Util;

/**
* Provides a way to get the project's next execution date.
@@ -34,7 +35,7 @@

public NextBuilds(AbstractProject project, Calendar date) {
this.project = project;
this.name = project.getDisplayName();
this.name = Util.escape(project.getDisplayName());
this.date = date;
}

0 comments on commit bd95c4d

Please sign in to comment.
You can’t perform that action at this time.