Unverified Commit 835438b7 authored by Dave Cridland's avatar Dave Cridland Committed by GitHub

Merge pull request #1055 from GregDThomas/OF-1518

OF-1518: Ensure the summary is properly escaped
parents 1c36f50f e8fa8d23
......@@ -167,7 +167,7 @@
<%= event.getNode() %>
</td>
<td width="59%">
<%= event.getSummary() %>
<%= StringUtils.escapeHTMLTags(event.getSummary()) %>
<% if (event.getDetails() != null) { %>
&nbsp; <a href="" onclick="if (document.getElementById('details<%= event.getMsgID() %>').style.display == 'none') { document.getElementById('details<%= event.getMsgID() %>').style.display = 'block'; document.getElementById('label<%= event.getMsgID() %>').innerHTML = '<%= LocaleUtils.getLocalizedString("security.audit.viewer.hide_details")%>'; return false;} else { document.getElementById('details<%= event.getMsgID() %>').style.display = 'none'; document.getElementById('label<%= event.getMsgID() %>').innerHTML = '<%= LocaleUtils.getLocalizedString("security.audit.viewer.show_details")%>'; return false;}" id="label<%= event.getMsgID() %>"><fmt:message key="security.audit.viewer.show_details" /></a><br/>
<pre id="details<%= event.getMsgID() %>" style="display:none; margin: 0px; padding: 1px;"><%= StringUtils.escapeHTMLTags(event.getDetails()) %></pre>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment