From 9579161e966c5f6df3d5090f693617dc378935d8 Mon Sep 17 00:00:00 2001
From: Simon Brandhof
Date: Mon, 12 Aug 2013 18:14:08 +0200
Subject: [PATCH] SONAR-4269 Fix XSS in configuration of dashboard

---
 .../main/webapp/WEB-INF/app/views/dashboard/configure.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb
index 310216edab0..9ffb899f05e 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb
@@ -64,7 +64,7 @@
 function init_dashboard() {
 portal = new Portal(options);
 <% if params[:highlight] %>
- portal.highlightWidget(<%= params[:highlight] -%>);
+ portal.highlightWidget(<%= escape_javascript(params[:highlight]) -%>);
 <% end %>
 }
 $j(document).ready(function(){init_dashboard();});
-- 
2.39.5
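Review bot: The new `portal.highlightWidget(<%= escape_javascript(params[:highlight]) -%>);` line still writes the request parameter into the script as a bare JavaScript expression, not inside a quoted string. `escape_javascript` only neutralises characters that would terminate a string literal (quotes, backslashes, newlines), so a value made of identifier characters and punctuation passes through unchanged and is evaluated as code. If the highlight value is a numeric widget id (presumed; `highlightWidget` is not visible in this hunk), coerce it server-side with `portal.highlightWidget(<%= params[:highlight].to_i -%>);`. Otherwise emit it as a serialized literal with `<%= params[:highlight].to_json -%>`, confirming that the serializer in use also escapes `</` so the value cannot close the surrounding script block. A short comment above the line stating that the value must be rendered as a typed literal would keep later edits from reintroducing raw interpolation.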