Fixed potential XSS vulnerability in confirm messages

author Alexander Ebert <ebert@woltlab.com>

Mon, 22 Jul 2013 13:43:18 +0000 (15:43 +0200)

committer Alexander Ebert <ebert@woltlab.com>

Mon, 22 Jul 2013 13:43:18 +0000 (15:43 +0200)
author Alexander Ebert <ebert@woltlab.com>
Mon, 22 Jul 2013 13:43:18 +0000 (15:43 +0200)
committer Alexander Ebert <ebert@woltlab.com>
Mon, 22 Jul 2013 13:43:18 +0000 (15:43 +0200)
diff --git a/wcfsetup/install/files/js/WCF.js b/wcfsetup/install/files/js/WCF.js

index 553cc05503d38b7ef18684d159a802743da43e34..1df469939960d6a4831ff5bd24a15dbee5f098f0 100755 (executable)
--- a/wcfsetup/install/files/js/WCF.js
+++ b/wcfsetup/install/files/js/WCF.js
@@ -5921,7 +5921,7 @@ WCF.System.Confirmation = {
                         template.appendTo(this._dialog.find('#wcfSystemConfirmationContent').show());
                 }
                 
-               this._dialog.find('p').html(message);
+               this._dialog.find('p').text(message);
                 this._dialog.wcfDialog({
                         onClose: $.proxy(this._close, this),
                         onShow: $.proxy(this._show, this),
author	Alexander Ebert <ebert@woltlab.com>
	Mon, 22 Jul 2013 13:43:18 +0000 (15:43 +0200)
committer	Alexander Ebert <ebert@woltlab.com>
	Mon, 22 Jul 2013 13:43:18 +0000 (15:43 +0200)