author | Simon Brandhof <simon.brandhof@gmail.com> | 2013-08-12 18:14:08 +0200 |
---|---|---|
committer | Simon Brandhof <simon.brandhof@gmail.com> | 2013-08-12 18:14:08 +0200 |
commit | 9579161e966c5f6df3d5090f693617dc378935d8 (patch) | |
tree | 209f8ca62ccc2e1f0d0be632dd80a940a46e6fde | |
parent | c139e1846248555fe6096c0291ed2ef2ddbfe01d (diff) | |
download | sonarqube-9579161e966c5f6df3d5090f693617dc378935d8.tar.gz sonarqube-9579161e966c5f6df3d5090f693617dc378935d8.zip |
SONAR-4269 Fix XSS in configuration of dashboard
-rw-r--r-- | sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb
index 310216edab0..9ffb899f05e 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/dashboard/configure.html.erb
@@ -64,7 +64,7 @@ function init_dashboard() {
 portal = new Portal(options);
 <% if params[:highlight] %>
- portal.highlightWidget(<%= params[:highlight] -%>);
+ portal.highlightWidget(<%= escape_javascript(params[:highlight]) -%>);
 <% end %>
 }
 $j(document).ready(function(){init_dashboard();}); |
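Review bot: The new line still emits `params[:highlight]` as a bare JavaScript expression, because the ERB tag inside `portal.highlightWidget(...)` is not wrapped in quotes; `escape_javascript` is meant for values placed inside a quoted string literal and does not constrain what an unquoted value can be. If the highlighted widget is identified by a number (not shown here, so to be confirmed), coercing it server-side closes the sink: `portal.highlightWidget(<%= params[:highlight].to_i -%>);`. Otherwise keep the escaping and emit a quoted literal, `portal.highlightWidget('<%= escape_javascript(params[:highlight]) -%>');`. The body of `init_dashboard` starts above the hunk, so how `highlightWidget` consumes the value is not visible here.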