Skip to content
This repository has been archived by the owner on Apr 3, 2023. It is now read-only.
Permalink
Browse files Browse the repository at this point in the history
Merge pull request #212 from w3c/nu-xss
Escape HTML in messages extracted from Validator NU output
  • Loading branch information
dontcallmedom committed Jun 3, 2021
2 parents 676c725 + 4a5fa92 commit 51f75c3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java
Expand Up @@ -48,7 +48,7 @@ public ValidatorNuMessage(JsonObject jsonMessage, String uri) {
break;
}

title = jsonMessage.getString("message");
title = jsonMessage.getString("message").replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("'", "&apos;").replace("\"", "&quot;");

contexts.add(new ValidatorNuContext(jsonMessage, uri));
}
Expand Down

0 comments on commit 51f75c3

Please sign in to comment.