Patch persistent XSS in vhost on the limits page

2019-09-12 10:29:18 +02:00 · 2019-09-12 10:29:18 +02:00 · e9238b1a3c
parent 6ae64334df
commit e9238b1a3c
1 changed files with 1 additions and 1 deletions
--- a/deps/rabbitmq_management/priv/www/js/tmpl/limits.ejs
+++ b/deps/rabbitmq_management/priv/www/js/tmpl/limits.ejs
@ -28,7 +28,7 @@

                <tr<%= alt_rows(j+1)%>>
                    <% if(j == 0) { %>
-                    <td rowspan="<%= limit_values.length %>"> <%= limit.vhost %> </td>
+                    <td rowspan="<%= limit_values.length %>"> <%= fmt_string(limit.vhost) %> </td>
                    <% } %>
                    <td><%= limit_value.name %></td>
                    <td><%= limit_value.value %></td>