Fixed XSS issue with file based dashboards, was really casued by an issue with alertSrv accepting html in message alerts

2025-02-25 18:55:37 -06:00 · 2015-04-29 15:50:47 +02:00
parent 5175cf70ef
commit d10ce90936
3 changed files with 3 additions and 3 deletions
--- a/public/views/index.html
+++ b/public/views/index.html
@@ -35,7 +35,7 @@
 						<i class="fa fa-times-circle"></i>
 					</button>
 					<div class="alert-title">{{alert.title}}</div>
-					<div ng-bind-html='alert.text'></div>
+					<div ng-bind='alert.text'></div>
 				</div>
 			</div>