escape log messages to avoid possible js execution

author Bjoern Schiessle <schiessle@owncloud.com>

Mon, 18 Jun 2012 07:42:31 +0000 (09:42 +0200)

committer Bjoern Schiessle <schiessle@owncloud.com>

Mon, 18 Jun 2012 07:43:56 +0000 (09:43 +0200)
author Bjoern Schiessle <schiessle@owncloud.com>
Mon, 18 Jun 2012 07:42:31 +0000 (09:42 +0200)
committer Bjoern Schiessle <schiessle@owncloud.com>
Mon, 18 Jun 2012 07:43:56 +0000 (09:43 +0200)
diff --git a/settings/js/log.js b/settings/js/log.js

index 6063c7d9a9fe8cb41834e832a1f8416b31c6f3ae..bde8b8b104c9334704cd64f7281fb9e28a6d5f2d 100644 (file)
--- a/settings/js/log.js
+++ b/settings/js/log.js
@@ -39,7 +39,7 @@ OC.Log={
                         row.append(appTd);
                         
                         var messageTd=$('<td/>');
-                       messageTd.text(entry.message);
+                       messageTd.text(entry.message.replace(/</, "&lt;").replace(/>/, "&gt;"));
                         row.append(messageTd);
                         
                         var timeTd=$('<td/>');
author	Bjoern Schiessle <schiessle@owncloud.com>
	Mon, 18 Jun 2012 07:42:31 +0000 (09:42 +0200)
committer	Bjoern Schiessle <schiessle@owncloud.com>
	Mon, 18 Jun 2012 07:43:56 +0000 (09:43 +0200)