Commit eb9bec97 authored by Chris Hallberg

Escape list titles to prevent JS injection.

parent 23d921d9
......@@ -32,7 +32,7 @@ function checkSaveStatuses() {
var html = list.find('strong')[0].outerHTML+'<ul>';
for (var i=0; i<response.data[sel].length; i++) {
html += '<li><a href="' + response.data[sel][i].list_url + '">'
+ response.data[sel][i].list_title + '</a></li>';
+ htmlEncode(response.data[sel][i].list_title) + '</a></li>';
}
html += '</ul>';
list.html(html).removeClass('hidden');
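Review bot: `response.data[sel][i].list_url` is still concatenated unescaped into the `href` attribute on the line above the changed one, so only half of the response data that reaches `list.html(html)` is encoded. If the URL can contain a double quote or other markup characters, it breaks out of the attribute the same way the title could break out of the element body. Suggest encoding it as well, e.g. `'<li><a href="' + htmlEncode(response.data[sel][i].list_url) + '">'`, and confirming on the server side that `list_url` is always a site-generated http(s) or relative URL, since HTML encoding does not constrain the URL scheme. A sturdier alternative is to build each item with DOM calls (`$('<a>').attr('href', url).text(title)`) instead of string concatenation, so that neither field is parsed as markup. Also, `htmlEncode` is not defined in the visible lines; please confirm it is in scope on every page that loads `checkSaveStatuses()`, because a missing helper would throw here and leave the list hidden.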
......