diff --git a/src/web/security-audit-viewer.jsp b/src/web/security-audit-viewer.jsp
index bece8b9a51d033e86a7466965fcf908c5141ebbe..20e24c3da69f37aecb4ffd93a1d8fbfcd7795295 100644
--- a/src/web/security-audit-viewer.jsp
+++ b/src/web/security-audit-viewer.jsp
@@ -167,7 +167,7 @@
 <%= event.getNode() %>
 </td>
 <td width="59%">
- <%= event.getSummary() %>
+ <%= StringUtils.escapeHTMLTags(event.getSummary()) %>
 <% if (event.getDetails() != null) { %>
 <a href="" onclick="if (document.getElementById('details<%= event.getMsgID() %>').style.display == 'none') { document.getElementById('details<%= event.getMsgID() %>').style.display = 'block'; document.getElementById('label<%= event.getMsgID() %>').innerHTML = '<%= LocaleUtils.getLocalizedString("security.audit.viewer.hide_details")%>'; return false;} else { document.getElementById('details<%= event.getMsgID() %>').style.display = 'none'; document.getElementById('label<%= event.getMsgID() %>').innerHTML = '<%= LocaleUtils.getLocalizedString("security.audit.viewer.show_details")%>'; return false;}" id="label<%= event.getMsgID() %>"><fmt:message key="security.audit.viewer.show_details" /></a><br/>
 <pre id="details<%= event.getMsgID() %>" style="display:none; margin: 0px; padding: 1px;"><%= StringUtils.escapeHTMLTags(event.getDetails()) %></pre>
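Review bot: The first context line of this hunk still writes `<%= event.getNode() %>` into the table cell unescaped, so the fix covers the summary column but not every audit-event field rendered in this row. Unless the node value is guaranteed to come only from trusted server configuration (not visible here), it should be encoded the same way, `<%= StringUtils.escapeHTMLTags(event.getNode()) %>`, and the columns rendered above the hunk deserve the same check. Separately, `event.getMsgID()` and the `LocaleUtils.getLocalizedString(...)` results are interpolated into an `onclick` attribute and single-quoted JavaScript strings; that is safe only if the ID is numeric and the bundle text contains no quotes, and `escapeHTMLTags` would not be the right encoder for that context in any case. The table row begins and ends outside the hunk.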