cloudstack 3.0 UI - XSS - global setting page - fix a bug that notification got hacked after saving a value that has script tag (XSS attack).

2012-03-16 13:11:44 -07:00 · 2012-03-16 13:11:44 -07:00 · f21263364f
parent 7283591690
commit f21263364f
1 changed files with 1 additions and 1 deletions
--- a/ui/scripts/ui/widgets/listView.js
+++ b/ui/scripts/ui/widgets/listView.js
@ -412,7 +412,7 @@
                  _l('Set value of') +
                  ' ' + $instanceRow.find('td.name span').html() +
                  ' ' + _l('to') +
-                  ' ' + newName :
+                  ' ' + _s(newName) :
                  _l('Unset value for') +
                  ' ' + $instanceRow.find('td.name span').html()
              },