Merge pull request #924 from mattrjacobs/backport-pr-921

fix(title-xss): escaping text acquired from parameters to avoid any xss attacks
Netflix · Oct 6, 2015 · c66a548 · c66a548
2 parents c5eb45b + 7c5003d
commit c66a548
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/hystrix-dashboard/src/main/webapp/monitor/monitor.html b/hystrix-dashboard/src/main/webapp/monitor/monitor.html
@@ -94,9 +94,9 @@ <h2><span id="title_name"></span></h2>
 			}
 
 			if(getUrlVars()["title"] != undefined) {
-				$('#title_name').html("Hystrix Stream: " + decodeURIComponent(getUrlVars()["title"]))
+				$('#title_name').text("Hystrix Stream: " + decodeURIComponent(getUrlVars()["title"]))
 			} else {
-				$('#title_name').html("Hystrix Stream: " + decodeURIComponent(stream))
+				$('#title_name').text("Hystrix Stream: " + decodeURIComponent(stream))
 			}
 
             //do not show authorization in stream title