From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Mon, 18 Jun 2012 07:42:31 +0000 (+0200)
Subject: escape log messages to avoid possible js execution
X-Git-Tag: v4.5.0beta1~74^2~412^2~4
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=91f69858e49c3981d31eeee428c7bf3cd5e142fe;p=nextcloud-server.git

escape log messages to avoid possible js execution
---

diff --git a/settings/js/log.js b/settings/js/log.js
index 6063c7d9a9f..bde8b8b104c 100644
--- a/settings/js/log.js
+++ b/settings/js/log.js
@@ -39,7 +39,7 @@ OC.Log={
 			row.append(appTd);
 			
 			var messageTd=$('<td/>');
-			messageTd.text(entry.message);
+			messageTd.text(entry.message.replace(/</, "&lt;").replace(/>/, "&gt;"));
 			row.append(messageTd);
 			
 			var timeTd=$('<td/>');