From 50da0d918fc81def5405145350e11966e2706b3b Mon Sep 17 00:00:00 2001
From: Kris McQueen
Date: Tue, 21 Sep 2010 18:23:40 -0700
Subject: [PATCH] The sanitizeXSS function only sanitizes strings and leaves other types unchanged.
---
 ui/scripts/cloud.core.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ui/scripts/cloud.core.js b/ui/scripts/cloud.core.js
index 9c527906e4e..abfa94d4d48 100644
--- a/ui/scripts/cloud.core.js
+++ b/ui/scripts/cloud.core.js
@@ -626,7 +626,7 @@ function noNull(val) {
 // Prevent cross-site-script(XSS) attack.
 // used right before adding user input to the DOM tree. e.g. DOM_element.html(sanitizeXSS(user_input));
 function sanitizeXSS(val) {
- if(val == null)
+ if((val == null) || (typeof val != "string"))
 return val;
 val = val.replace(//g, ">"); //replace > whose unicode is \u003e
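Review bot: The added guard `typeof val != "string"` treats every non-string as already safe and returns it unescaped, which is only true for values that cannot carry markup; a `String` object, or an array of strings that the caller's `.html()`/`.append()` path coerces or parses as HTML, would skip the escaping entirely (whether such callers exist is not visible here). A narrower pass-through keeps the commit's intent for the harmless primitives while still escaping anything else: `if (val == null || typeof val === "number" || typeof val === "boolean") return val;` followed by `val = String(val);` before the first `replace`. Use strict comparison (`!==` / `===`) for the `typeof` check, as `!=` against a string literal adds no coercion benefit and trips linters. The context lines that follow appear garbled in this copy but suggest only `<` and `>` are escaped; if `&`, `"` and `'` are not handled further down, a comment such as `// Escapes only <, >; not safe for attribute or URL contexts` would make the function's contract clear to callers. The body of `sanitizeXSS` continues past the end of the hunk.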