quota: escape javascript, but not html

people might want to send html emails

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Rohit Yadav 2015-07-23 15:33:34 +05:30
parent f5be8aaf8f
commit 1725266457
1 changed files with 2 additions and 2 deletions


@ -325,8 +325,8 @@ public class QuotaResponseBuilderImpl implements QuotaResponseBuilder {
@Override
public boolean updateQuotaEmailTemplate(QuotaEmailTemplateUpdateCmd cmd) {
final String templateName = cmd.getTemplateName();
final String templateSubject = StringEscapeUtils.escapeHtml(cmd.getTemplateSubject());
final String templateBody = StringEscapeUtils.escapeHtml(cmd.getTemplateBody());
final String templateSubject = StringEscapeUtils.escapeJavaScript(cmd.getTemplateSubject());
final String templateBody = StringEscapeUtils.escapeJavaScript(cmd.getTemplateBody());
final String locale = cmd.getLocale();
final List<QuotaEmailTemplatesVO> templates = _quotaEmailTemplateDao.listAllQuotaEmailTemplates(templateName);
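Review bot: The two new `escapeJavaScript` calls on templateSubject and templateBody encode the values for a JavaScript string context before they are stored, which is not the context an e-mail subject or body is used in; commons-lang's escapeJavaScript backslash-escapes quotes, slashes and line breaks and leaves `<`, `>` and `&` alone, so the stored template is likely altered for mail delivery while any HTML it carries passes through untouched. With the HTML escaping gone, whichever page displays or previews the stored template has to HTML-encode it on output, otherwise markup saved through this command would run in the browser of whoever views it; that rendering code is not visible here. I would store the raw values, `final String templateBody = cmd.getTemplateBody();` (same for the subject), and encode per sink: HTML-encode in the UI, and restrict the mail body to an allow-list of tags if HTML mail is wanted. updateQuotaEmailTemplate continues past the end of this hunk, so whether the value is unescaped again before it is saved cannot be seen from here.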