Skip to content

Commit aa74e9a

Browse files
authored
Merge pull request #2797 from modoboa/fix/xss_issue_with_tags
Fixed XSS vulnerability
2 parents b0c4528 + 05b4a4f commit aa74e9a

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

Diff for: modoboa/static/js/listing.js

+2-2
Original file line numberDiff line numberDiff line change
@@ -255,9 +255,9 @@ Listing.prototype = {
255255
make_tag: function(text, type) {
256256
var $tag = $("<a />", {
257257
"name": type, "class" : "btn btn-default btn-xs",
258-
"html": " " + text
258+
"html": " " + htmlEncode(text)
259259
});
260-
260+
261261
$("<span />", {"class" : "fa fa-remove"}).prependTo($tag);
262262
$tag.click($.proxy(this.remove_tag, this));
263263
return $tag;

0 commit comments

Comments
 (0)