Correctly escape policy names.

2015-01-05 13:31:58 +00:00 · 2015-01-05 13:31:58 +00:00 · 4a7e37cdc0
parent 68b4686705
commit 4a7e37cdc0
1 changed files with 3 additions and 2 deletions
--- a/deps/rabbitmq_management/priv/www/js/formatters.js
+++ b/deps/rabbitmq_management/priv/www/js/formatters.js
@ -84,8 +84,9 @@ function fmt_features(obj) {

 function fmt_policy_short(obj) {
    if (obj.policy != undefined && obj.policy != '') {
-        return '<acronym class="policy" title="Policy: ' + obj.policy +
-            '">' + obj.policy + '</acronym> ';
+        return '<acronym class="policy" title="Policy: ' +
+            fmt_escape_html(obj.policy) + '">' +
+            fmt_escape_html(obj.policy) + '</acronym> ';
    } else {
        return '';
    }