From 1725266457d4c8454f529e06c021c61b8299b2d9 Mon Sep 17 00:00:00 2001
From: Rohit Yadav
Date: Thu, 23 Jul 2015 15:33:34 +0530
Subject: [PATCH] quota: escape javascript, but not html people might want to send html emails
Signed-off-by: Rohit Yadav
---
 .../cloudstack/api/response/QuotaResponseBuilderImpl.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/plugins/database/quota/src/org/apache/cloudstack/api/response/QuotaResponseBuilderImpl.java b/plugins/database/quota/src/org/apache/cloudstack/api/response/QuotaResponseBuilderImpl.java
index cbab4a813b3..1337e0a4313 100644
--- a/plugins/database/quota/src/org/apache/cloudstack/api/response/QuotaResponseBuilderImpl.java
+++ b/plugins/database/quota/src/org/apache/cloudstack/api/response/QuotaResponseBuilderImpl.java
@@ -325,8 +325,8 @@ public class QuotaResponseBuilderImpl implements QuotaResponseBuilder {
 @Override
 public boolean updateQuotaEmailTemplate(QuotaEmailTemplateUpdateCmd cmd) {
 final String templateName = cmd.getTemplateName();
- final String templateSubject = StringEscapeUtils.escapeHtml(cmd.getTemplateSubject());
- final String templateBody = StringEscapeUtils.escapeHtml(cmd.getTemplateBody());
+ final String templateSubject = StringEscapeUtils.escapeJavaScript(cmd.getTemplateSubject());
+ final String templateBody = StringEscapeUtils.escapeJavaScript(cmd.getTemplateBody());
 final String locale = cmd.getLocale();
 final List templates = _quotaEmailTemplateDao.listAllQuotaEmailTemplates(templateName);
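Review bot: `StringEscapeUtils.escapeJavaScript` on `templateSubject` and `templateBody` is not a substitute for the HTML escaping it replaces: it rewrites quotes, backslashes and line breaks (and, assuming this is the Commons Lang class, whose import is outside the hunk, non-ASCII characters) into backslash sequences, but leaves `<`, `>` and attribute markup intact. The stored template can therefore still carry active HTML into any page or mail client that renders it, while legitimate templates gain literal `\n` and `\"` unless something later unescapes them, which the hunk does not show. Encoding belongs at the point of output rather than at storage, so I would keep the value as submitted, e.g. `final String templateBody = cmd.getTemplateBody();`, HTML-encode it wherever the UI displays it, and pass the body through an allow-list HTML sanitizer before it is saved or mailed. `updateQuotaEmailTemplate` continues past the end of the hunk, so how the two values are persisted and later rendered is not visible here.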