SONAR-4269 Escape rule name to prevent XSS

author: Julien Lancelot <julien.lancelot@gmail.com> 2013-08-27 12:15:37 +0200
committer: Julien Lancelot <julien.lancelot@gmail.com> 2013-08-27 12:15:37 +0200
commit: 550899a13480fae40988025213459617c56450b4 (patch)
tree: e30ae0365fa95dcf0f4bbe5c949c3db15af9f3f8 /sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb
parent: 5b3813ad31de4d301f3fdb53ed8173b775b59c82 (diff)
download: sonarqube-550899a13480fae40988025213459617c56450b4.tar.gz
sonarqube-550899a13480fae40988025213459617c56450b4.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb
index f8901aa0ee4..6e1cb2eeeed 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb
@@ -1,4 +1,4 @@
-<div class="code-issue" data-issue-key="<%= issue.key -%>" data-issue-component="<%= issue.componentKey() -%>" data-issue-rule="<%= issue.ruleKey().toString() -%>">
+<div class="code-issue" data-issue-key="<%= issue.key -%>" data-issue-component="<%= issue.componentKey() -%>" data-issue-rule="<%= u issue.ruleKey().toString() -%>">
   <div class="code-issue-name">
     <div style="float: right">
       <a href="#" onclick="return openIssuePopup(this)" class="issue-permalink"><img src="<%= ApplicationController.root_context -%>/images/new-window-16.gif"></a>
author	Julien Lancelot <julien.lancelot@gmail.com>	2013-08-27 12:15:37 +0200
committer	Julien Lancelot <julien.lancelot@gmail.com>	2013-08-27 12:15:37 +0200
commit	550899a13480fae40988025213459617c56450b4 (patch)
tree	e30ae0365fa95dcf0f4bbe5c949c3db15af9f3f8 /sonar-server/src/main/webapp/WEB-INF/app/views/issue/_issue.html.erb
parent	5b3813ad31de4d301f3fdb53ed8173b775b59c82 (diff)
download	sonarqube-550899a13480fae40988025213459617c56450b4.tar.gz sonarqube-550899a13480fae40988025213459617c56450b4.zip