From: Alexander Ebert <ebert@woltlab.com>
Date: Mon, 22 Jul 2013 13:43:18 +0000 (+0200)
Subject: Fixed potential XSS vulnerability in confirm messages
X-Git-Tag: 2.0.0_Beta_5~20^2~1
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=7b0937e3aeadb60d48d57ef439ebfb87df8a15f1;p=GitHub%2FWoltLab%2FWCF.git

Fixed potential XSS vulnerability in confirm messages
---

diff --git a/wcfsetup/install/files/js/WCF.js b/wcfsetup/install/files/js/WCF.js
index 553cc05503..1df4699399 100755
--- a/wcfsetup/install/files/js/WCF.js
+++ b/wcfsetup/install/files/js/WCF.js
@@ -5921,7 +5921,7 @@ WCF.System.Confirmation = {
 			template.appendTo(this._dialog.find('#wcfSystemConfirmationContent').show());
 		}
 		
-		this._dialog.find('p').html(message);
+		this._dialog.find('p').text(message);
 		this._dialog.wcfDialog({
 			onClose: $.proxy(this._close, this),
 			onShow: $.proxy(this._show, this),