bug #4492 [security] XSS in AJAX confirmation messages

Signed-off-by: Marc Delisle <marc@infomarc.info>
author: Marc Delisle <marc@infomarc.info> 2014-07-18 01:18:52 +0400
committer: Marc Delisle <marc@infomarc.info> 2014-07-18 01:18:52 +0400
commit: 29a1f56495a7d1d98da31a614f23c0819a606a4d (patch)
tree: f2b5b2f6457030a411f66255af4d1edb0c7231d5 /js/tbl_structure.js
parent: 61a9484ce5ba5b01ff6b652a3fbe2ab61c18ed3e (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/js/tbl_structure.js b/js/tbl_structure.js
index f754832c8a..9821cb312f 100644
--- a/js/tbl_structure.js
+++ b/js/tbl_structure.js
@@ -198,6 +198,7 @@ AJAX.registerOnload('tbl_structure.js', function () {
          * @var curr_column_name    String containing name of the field referred to by {@link curr_row}
          */
         var curr_column_name = $curr_row.children('th').children('label').text();
+        curr_column_name = escapeHtml(curr_column_name);
         /**
          * @var $after_field_item    Corresponding entry in the 'After' field.
          */
author	Marc Delisle <marc@infomarc.info>	2014-07-18 01:18:52 +0400
committer	Marc Delisle <marc@infomarc.info>	2014-07-18 01:18:52 +0400
commit	29a1f56495a7d1d98da31a614f23c0819a606a4d (patch)
tree	f2b5b2f6457030a411f66255af4d1edb0c7231d5 /js/tbl_structure.js
parent	61a9484ce5ba5b01ff6b652a3fbe2ab61c18ed3e (diff)