From: Stas Vilchik
Date: Mon, 16 Dec 2013 12:47:20 +0000 (+0600)
Subject: SQ 4.1 bugfixes
X-Git-Tag: 4.2~966
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=b18f81b335eff3f8a985bcbeb939522003192044;p=sonarqube.git
SQ 4.1 bugfixes Fix XSS on favorite filters (issues page edition)
---
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/issues/_filter_favourites2.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/issues/_filter_favourites2.html.erb
index 845bde92752..4c6dfd34e27 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/issues/_filter_favourites2.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/issues/_filter_favourites2.html.erb
@@ -1,7 +1,7 @@
 <% if logged_in? %>
 {
 <% @favourite_filters.each do |filter| %>
- '<%= filter.id -%>': '<%= h filter.name -%>',
+ "<%= h filter.id -%>": "<%= escape_javascript filter.name %>",
 <% end %>
 }
 <% else %>
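Review bot: On the added line, `filter.name` is now encoded only for a JavaScript string literal and the previous `h` is dropped, so HTML encoding of the name depends entirely on the client code that renders it; that consumer is not visible in this hunk and should be confirmed to insert the value as text, not as markup. If the partial's output is parsed as strict JSON rather than evaluated as a JavaScript object literal, `escape_javascript` is also a poor fit, because it emits `\'` for an apostrophe, which is not a valid JSON escape, and the trailing comma after the last entry is not valid JSON either. Letting the serializer produce the literal, for example `<%= filter.name.to_json %>` without the surrounding quotes, or building the whole hash and calling `to_json` once, would cover both cases. A short comment above the loop stating which output context this partial targets would help, as the template continues past the `<% else %>` branch outside the hunk.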