From 7c5003dddea138b0d3e035029fd53c627b7017ae Mon Sep 17 00:00:00 2001
From: Cestmir Ruzicka
Date: Mon, 5 Oct 2015 15:36:42 +0200
Subject: [PATCH] fix(title-xss): escaping text acquired from parameters to avoid any xss attacks
---
hystrix-dashboard/src/main/webapp/monitor/monitor.html | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hystrix-dashboard/src/main/webapp/monitor/monitor.html b/hystrix-dashboard/src/main/webapp/monitor/monitor.html
index 4aac8bcb7..da729b426 100644
--- a/hystrix-dashboard/src/main/webapp/monitor/monitor.html
+++ b/hystrix-dashboard/src/main/webapp/monitor/monitor.html
@@ -94,9 +94,9 @@

} if(getUrlVars()["title"] != undefined) { - $('#title_name').html("Hystrix Stream: " + decodeURIComponent(getUrlVars()["title"])) + $('#title_name').text("Hystrix Stream: " + decodeURIComponent(getUrlVars()["title"])) } else { - $('#title_name').html("Hystrix Stream: " + decodeURIComponent(stream)) + $('#title_name').text("Hystrix Stream: " + decodeURIComponent(stream)) } //do not show authorization in stream title
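Review bot: Both new `.text(...)` lines still call `decodeURIComponent` directly on a query-string value, and that call throws `URIError` on a malformed escape such as a lone `%`, so a bad `title` or `stream` parameter would abort whatever script code follows this block (the block starts and ends outside the hunk, so the exact impact is not visible here). Routing both call sites through a small decode helper that falls back to the raw string keeps the page working, and because the result goes to `.text()` the undecoded value is still rendered as inert text. A one-line comment above the `if`, e.g. `// .text(), not .html(): title and stream come from the URL`, would help stop a later edit from reintroducing the HTML sink. Other `.html(` calls in monitor.html that take URL-derived values are not visible in this hunk and are worth checking the same way.

```javascript
// Decode a query-string value; on a malformed %-escape return it undecoded
// instead of letting URIError escape.
function decodeParam(value) {
    try {
        return decodeURIComponent(value);
    } catch (e) {
        return value;
    }
}

// … unchanged: if(getUrlVars()["title"] != undefined) { …
$('#title_name').text("Hystrix Stream: " + decodeParam(getUrlVars()["title"]))
// … unchanged: } else { …
$('#title_name').text("Hystrix Stream: " + decodeParam(stream))
```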