
BUGFIX Escape HTML in CMS status messages

1 parent 7bb0bbf commit 604ede30a42df91571f27323defd2bc7dc0e7991 @chillu chillu committed Jan 4, 2013
Showing with 1 addition and 0 deletions.
  1. +1 −0 admin/javascript/LeftAndMain.js
@@ -963,6 +963,7 @@ jQuery.noConflict();
}(jQuery));
var statusMessage = function(text, type) {
+ text = $('<div/>').text(text).html(); // Escape HTML entities in text
jQuery.noticeAdd({text: text, type: type});
};
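Review bot: The added line calls `$`, but `statusMessage` is defined after the `}(jQuery));` that closes the closure, and the hunk header shows `jQuery.noConflict();` earlier in the file, so `$` is probably not bound to jQuery here; the next line uses `jQuery.noticeAdd` rather than `$`, which points the same way. If `$` is undefined or belongs to another library, the escape either throws before the notice is shown or does not encode as intended, so write it as `text = jQuery('<div/>').text(text).html();`. Separately, `.text().html()` encodes `&`, `<` and `>` but not quotes, which is sufficient only while `noticeAdd` places the text in element content and never in an attribute value; a short comment stating that assumption would help. Callers that deliberately pass markup (for example a link in a status message) will now see it rendered literally, so it is worth checking the call sites, which are outside this hunk.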
