escape log messages to avoid possible js execution

author: Bjoern Schiessle <schiessle@owncloud.com> 2012-06-18 09:42:31 +0200
committer: Bjoern Schiessle <schiessle@owncloud.com> 2012-06-18 09:43:56 +0200
commit: 9d0cfacd67b92bbbea3fa3ff55743ffec7faa107 (patch)
tree: 06b95851f9e71438a4c17d97cf98a3d1a247becd /settings/js/log.js
parent: d8048414aa270246e5fb54ca0c0db7dd54c337e6 (diff)
download: nextcloud-server-9d0cfacd67b92bbbea3fa3ff55743ffec7faa107.tar.gz
nextcloud-server-9d0cfacd67b92bbbea3fa3ff55743ffec7faa107.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/settings/js/log.js b/settings/js/log.js
index 6063c7d9a9f..bde8b8b104c 100644
--- a/settings/js/log.js
+++ b/settings/js/log.js
@@ -39,7 +39,7 @@ OC.Log={
 			row.append(appTd);
 			
 			var messageTd=$('<td/>');
-			messageTd.text(entry.message);
+			messageTd.text(entry.message.replace(/</, "&lt;").replace(/>/, "&gt;"));
 			row.append(messageTd);
 			
 			var timeTd=$('<td/>');
author	Bjoern Schiessle <schiessle@owncloud.com>	2012-06-18 09:42:31 +0200
committer	Bjoern Schiessle <schiessle@owncloud.com>	2012-06-18 09:43:56 +0200
commit	9d0cfacd67b92bbbea3fa3ff55743ffec7faa107 (patch)
tree	06b95851f9e71438a4c17d97cf98a3d1a247becd /settings/js/log.js
parent	d8048414aa270246e5fb54ca0c0db7dd54c337e6 (diff)
download	nextcloud-server-9d0cfacd67b92bbbea3fa3ff55743ffec7faa107.tar.gz nextcloud-server-9d0cfacd67b92bbbea3fa3ff55743ffec7faa107.zip