Merge pull request #2796 from Sarangan0219/msgid_encoding

Add OWASP encoding to msgId
wso2 · Oct 7, 2020 · 5a23bcb · 5a23bcb
2 parents 518b7af + 2cd76ad
commit 5a23bcb
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/core/org.wso2.carbon.ui/src/main/resources/web/dialog/display_messages.jsp b/core/org.wso2.carbon.ui/src/main/resources/web/dialog/display_messages.jsp
@@ -23,13 +23,13 @@
 <script type="text/javascript">
     var msgId;
     <%
-    if(CharacterEncoder.getSafeText(request.getParameter("msgId")) == null){
+    if(Encode.forJavaScript(request.getParameter("msgId")) == null){
     %>
     msgId = '<%="MSG" + System.currentTimeMillis() + Math.random()%>';
     <%
     } else {
     %>
-    msgId = '<%=CharacterEncoder.getSafeText(request.getParameter("msgId"))%>';
+    msgId = '<%=Encode.forJavaScript(request.getParameter("msgId"))%>';
     <%
     }
     %>