BUGFIX Escape HTML in CMS status messages

2024-10-22 12:05:37 +00:00 · 2013-01-04 17:29:24 +01:00 · 2013-01-04 17:29:24 +01:00 · 604ede30a4
commit 604ede30a4
parent 7bb0bbff0e
1 changed files with 1 additions and 0 deletions
--- a/admin/javascript/LeftAndMain.js
+++ b/admin/javascript/LeftAndMain.js
@ -963,6 +963,7 @@ jQuery.noConflict();
 }(jQuery));

 var statusMessage = function(text, type) {
+	text = $('<div/>').text(text).html(); // Escape HTML entities in text
 	jQuery.noticeAdd({text: text, type: type});
 };