From 2c5c6da0d985c7f95a4ef31b79cd09c764ef4f37 Mon Sep 17 00:00:00 2001 From: yflory Date: Wed, 1 Mar 2017 13:09:14 +0100 Subject: [PATCH] Fix XSS in alertify logs --- www/common/cryptpad-common.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js index 729d0468b..896042532 100644 --- a/www/common/cryptpad-common.js +++ b/www/common/cryptpad-common.js @@ -1351,11 +1351,11 @@ define([ }; common.log = function (msg) { - Alertify.success(msg); + Alertify.success(fixHTML(msg)); }; common.warn = function (msg) { - Alertify.error(msg); + Alertify.error(fixHTML(msg)); }; /*