fix(title-xss): escaping text acquired from parameters to avoid any xss attacks

https://github.com/Netflix/Hystrix/pull/921

fix(title-xss): escaping text acquired from parameters to avoid any xss attacks
0df6f0c0 · Spencer Gibb · a7abfd42 · 0df6f0c0
Commit 0df6f0c0 authored Oct 05, 2015 by Spencer Gibb
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

monitor.ftl ...ashboard/src/main/resources/templates/hystrix/monitor.ftl +2 -2

No files found.
--- a/spring-cloud-netflix-hystrix-dashboard/src/main/resources/templates/hystrix/monitor.ftl
+++ b/spring-cloud-netflix-hystrix-dashboard/src/main/resources/templates/hystrix/monitor.ftl
@@ -101,9 +101,9 @@
 			var poolStream = "${contextPath}/proxy.stream?origin=" + stream;
 			if(getUrlVars()["title"] != undefined) {
-				$('#title_name').html("Hystrix Stream: " + decodeURIComponent(getUrlVars()["title"]))
+				$('#title_name').text("Hystrix Stream: " + decodeURIComponent(getUrlVars()["title"]))
 			} else {
-				$('#title_name').html("Hystrix Stream: " + decodeURIComponent(stream))
+				$('#title_name').text("Hystrix Stream: " + decodeURIComponent(stream))
 			}
 		}
 		console.log("Command Stream: " + commandStream)