From d1c0148e374c5d6ccc7a2469eb468389a42ae9ef Mon Sep 17 00:00:00 2001
From: Stas Vilchik <vilchiks@gmail.com>
Date: Thu, 15 Sep 2016 16:19:39 +0200
Subject: fix SSF-49

---
 .../src/main/js/apps/quality-profiles/profile-details-view.js        | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'server/sonar-web/src/main/js')

diff --git a/server/sonar-web/src/main/js/apps/quality-profiles/profile-details-view.js b/server/sonar-web/src/main/js/apps/quality-profiles/profile-details-view.js
index a914b3ac6be..226241e67fd 100644
--- a/server/sonar-web/src/main/js/apps/quality-profiles/profile-details-view.js
+++ b/server/sonar-web/src/main/js/apps/quality-profiles/profile-details-view.js
@@ -20,6 +20,7 @@
 import $ from 'jquery';
 import _ from 'underscore';
 import Marionette from 'backbone.marionette';
+import escapeHtml from 'escape-html';
 import ChangeProfileParentView from './change-profile-parent-view';
 import ProfileChangelogView from './profile-changelog-view';
 import ProfileComparisonView from './profile-comparison-view';
@@ -81,9 +82,7 @@ export default Marionette.LayoutView.extend({
       height: 200,
       readOnly: !this.options.canWrite,
       focusSearch: false,
-      format (item) {
-        return item.name;
-      },
+      format: item => escapeHtml(item.name),
       searchUrl: window.baseUrl + '/api/qualityprofiles/projects?key=' + encodeURIComponent(key),
       selectUrl: window.baseUrl + '/api/qualityprofiles/add_project',
       deselectUrl: window.baseUrl + '/api/qualityprofiles/remove_project',
-- 
cgit v1.2.3