refs #3813 escape tooltip content for visitorlog to fix possible XSS

matomo-org · Apr 21, 2013 · c1eb200 · c1eb200
1 parent 519df00
commit c1eb200
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/plugins/Live/templates/visitorLog.tpl b/plugins/Live/templates/visitorLog.tpl
@@ -340,7 +340,8 @@
                         show: false,
                         hide: false,
                         content: function() {
-                            return $(this).attr('title').replace(/\n/g, '<br />');
+                            var title = $(this).attr('title');
+                            return $('<a>').text( title ).html().replace(/\n/g, '<br />');
                         },
                         tooltipClass: 'small'
                     });