From: Simon Brandhof
Date: Mon, 12 Aug 2013 16:14:08 +0000 (+0200)
Subject: SONAR-4269 Fix XSS in configuration of dashboard
X-Git-Tag: 3.7.1-RC1-~121
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=9579161e966c5f6df3d5090f693617dc378935d8;p=sonarqube.git
SONAR-4269 Fix XSS in configuration of dashboard
---
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb
index 310216edab0..9ffb899f05e 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb
@@ -64,7 +64,7 @@ function init_dashboard() {
 portal = new Portal(options);
 <% if params[:highlight] %>
- portal.highlightWidget(<%= params[:highlight] -%>);
+ portal.highlightWidget(<%= escape_javascript(params[:highlight]) -%>);
 <% end %>
 }
 $j(document).ready(function(){init_dashboard();});
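Review bot: The escaped value in the new `portal.highlightWidget(...)` line is still emitted as a bare JavaScript expression, not inside a string literal, so the fix looks incomplete. `escape_javascript` only neutralises quotes, backslashes and line breaks, which matters inside a quoted string; a request parameter made of characters that need no escaping is still evaluated as script in this position. If the widget id is numeric (not visible in this hunk, so confirm against `Portal.highlightWidget`), coerce it server-side: `portal.highlightWidget(<%= params[:highlight].to_i -%>);`. If it can be a string, keep the escape and add the quotes: `portal.highlightWidget('<%= escape_javascript(params[:highlight]) -%>');`. Most of `init_dashboard` lies outside the hunk, so the surrounding option handling was not reviewed.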