From f318f7c0ddac7dfd2b1f246fd8f488d9dfc3a4bf Mon Sep 17 00:00:00 2001 From: mokaddem Date: Thu, 29 Jul 2021 13:44:11 +0200 Subject: [PATCH] fix: [security] Stored XSS when viewing galaxy cluster elements in JSON format --- app/View/GalaxyElements/ajax/index.ctp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/View/GalaxyElements/ajax/index.ctp b/app/View/GalaxyElements/ajax/index.ctp index 24290c49b..9bc542e09 100644 --- a/app/View/GalaxyElements/ajax/index.ctp +++ b/app/View/GalaxyElements/ajax/index.ctp @@ -83,7 +83,7 @@ if ($context == 'JSONView') { echo $this->element('/genericElements/IndexTable/index_table', $indexOptions); if ($context == 'JSONView') { - echo sprintf('
%s
', json_encode($JSONElements)); + echo sprintf('
%s
', json_encode(h($JSONElements))); } ?>