RA-1424: escapeJs vulnerable to XSS. (#61)

openmrs · Jun 16, 2021 · a7eefb5 · a7eefb5
1 parent f3afce9
commit a7eefb5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/omod/src/main/webapp/pages/metadata/locations/location.gsp b/omod/src/main/webapp/pages/metadata/locations/location.gsp
@@ -9,7 +9,7 @@
 
     def parentLocationOptions = []
     existingLocations.each {
-        parentLocationOptions.push([ label: ui.escapeJs(ui.format(it)), value: it.id ])
+        parentLocationOptions.push([ label: ui.encodeJavaScript(ui.format(it)), value: it.id ])
     }
 %>