From 7aafd05cbb0d29dfafe4d6976428272ebc8d9e45 Mon Sep 17 00:00:00 2001
From: Francisco Ribeiro
Date: Mon, 12 Feb 2018 11:36:34 +0000
Subject: [PATCH] patched flash function to prevent XSS
---
 applications/admin/static/js/web2py.js | 2 +-
 applications/examples/static/js/web2py.js | 2 +-
 applications/welcome/static/js/web2py.js | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/applications/admin/static/js/web2py.js b/applications/admin/static/js/web2py.js
index 7131727d..22b9f253 100644
--- a/applications/admin/static/js/web2py.js
+++ b/applications/admin/static/js/web2py.js
@@ -617,7 +617,7 @@
 flash: function (message, status) {
 var flash = $('.w2p_flash');
 web2py.hide_flash();
- flash.html(message).addClass(status);
+ flash.text(message).addClass(status);
 if (flash.html()) flash.append(' × ')[animateIn]();
 },
 hide_flash: function () {
diff --git a/applications/examples/static/js/web2py.js b/applications/examples/static/js/web2py.js
index 7131727d..22b9f253 100644
--- a/applications/examples/static/js/web2py.js
+++ b/applications/examples/static/js/web2py.js
@@ -617,7 +617,7 @@
 flash: function (message, status) {
 var flash = $('.w2p_flash');
 web2py.hide_flash();
- flash.html(message).addClass(status);
+ flash.text(message).addClass(status);
 if (flash.html()) flash.append(' × ')[animateIn]();
 },
 hide_flash: function () {
diff --git a/applications/welcome/static/js/web2py.js b/applications/welcome/static/js/web2py.js
index 7131727d..22b9f253 100644
--- a/applications/welcome/static/js/web2py.js
+++ b/applications/welcome/static/js/web2py.js
@@ -617,7 +617,7 @@
 flash: function (message, status) {
 var flash = $('.w2p_flash');
 web2py.hide_flash();
- flash.html(message).addClass(status);
+ flash.text(message).addClass(status);
 if (flash.html()) flash.append(' × ')[animateIn]();
 },
 hide_flash: function () {
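Review bot: Nothing on the new `flash.text(message)` line in applications/admin/static/js/web2py.js records that `message` is treated as untrusted, so a later cleanup could quietly switch it back to `.html()`; I would add `// message is untrusted: insert as text, never via .html() (XSS)` directly above it. The same applies to the identical hunks in applications/examples and applications/welcome. Callers that deliberately passed markup in `message` will now see it rendered escaped, which is worth stating in the commit description if that is the intended contract. The patch edits three copies of web2py.js by hand, so any other copy of the file not shown here would presumably still call `.html(message)` and should be checked. The object holding `flash` starts and ends outside each hunk.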