Skip to content

Commit

Permalink
Merge pull request Netflix#921 from xscreach/fix/title-escape
Browse files Browse the repository at this point in the history
fix(title-xss): escaping text acquired from parameters to avoid any xss attacks
  • Loading branch information
mattrjacobs committed Oct 5, 2015
2 parents 54ea927 + aac6929 commit 22b7915
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions hystrix-dashboard/src/main/webapp/monitor/monitor.html
Original file line number Diff line number Diff line change
Expand Up @@ -95,9 +95,9 @@ <h2><span id="title_name"></span></h2>
}

if(getUrlVars()["title"] != undefined) {
$('#title_name').html("Hystrix Stream: " + decodeURIComponent(getUrlVars()["title"]))
$('#title_name').text("Hystrix Stream: " + decodeURIComponent(getUrlVars()["title"]))
} else {
$('#title_name').html("Hystrix Stream: " + decodeURIComponent(stream))
$('#title_name').text("Hystrix Stream: " + decodeURIComponent(stream))
}

//do not show authorization in stream title
Expand Down

0 comments on commit 22b7915

Please sign in to comment.