author | Marc Delisle <marc@infomarc.info> | 2014-07-18 01:18:52 +0400 |
---|---|---|
committer | Marc Delisle <marc@infomarc.info> | 2014-07-18 01:18:52 +0400 |
commit | 29a1f56495a7d1d98da31a614f23c0819a606a4d (patch) | |
tree | f2b5b2f6457030a411f66255af4d1edb0c7231d5 /js/tbl_structure.js | |
parent | 61a9484ce5ba5b01ff6b652a3fbe2ab61c18ed3e (diff) |
bug #4492 [security] XSS in AJAX confirmation messages
Signed-off-by: Marc Delisle <marc@infomarc.info>
Diffstat (limited to 'js/tbl_structure.js')
-rw-r--r-- | js/tbl_structure.js | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/js/tbl_structure.js b/js/tbl_structure.js
index f754832c8a..9821cb312f 100644
--- a/js/tbl_structure.js
+++ b/js/tbl_structure.js
@@ -198,6 +198,7 @@ AJAX.registerOnload('tbl_structure.js', function () {
 * @var curr_column_name String containing name of the field referred to by {@link curr_row}
 */
 var curr_column_name = $curr_row.children('th').children('label').text();
+ curr_column_name = escapeHtml(curr_column_name);
 /**
 * @var $after_field_item Corresponding entry in the 'After' field.
 */
|
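Review bot: Reassigning `curr_column_name` to its escaped form right after it is read means every later use in this handler receives the HTML-encoded string, not only the confirmation message. The statements that follow are outside the hunk, but the next doc comment refers to finding the matching entry in the 'After' field, which presumably compares against the raw column name; a name containing `&` or `<` would then no longer match, and any request parameter built from it would carry entities. I would keep the raw value and add `var escaped_column_name = escapeHtml(curr_column_name);`, using it only where the message HTML is built, so the encoding sits next to the sink. The `@var curr_column_name` comment should also state which form the variable holds. The enclosing `AJAX.registerOnload` callback starts and ends outside the hunk.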