diff options
author | John McLear <john@mclear.co.uk> | 2018-01-31 08:25:59 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-31 08:25:59 +0000 |
commit | a03422b09468cdd5f192b05643311c705447588b (patch) | |
tree | 8e39b5f0e7ac17d3c05f84a542c0158f01dbdaf1 /src | |
parent | 626e58cc5af1db3691b41fca7b06c28ea43141b1 (diff) | |
parent | 38b1e0a35e42e4d2e1ff99afc598725c5f7f2a6a (diff) | |
download | etherpad-lite-a03422b09468cdd5f192b05643311c705447588b.zip |
Merge pull request #3313 from rhelmer/sanitize-window-location
better sanitize window location in error messages
Diffstat (limited to 'src')
-rw-r--r-- | src/static/js/pad_utils.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/static/js/pad_utils.js b/src/static/js/pad_utils.js index b83f21cf..9c1277a0 100644 --- a/src/static/js/pad_utils.js +++ b/src/static/js/pad_utils.js @@ -524,7 +524,7 @@ function setupGlobalExceptionHandler() { $("#editorloadingbox").css("padding", "10px"); $("#editorloadingbox").css("padding-top", "45px"); $("#editorloadingbox").html("<div style='text-align:left;color:red;font-size:16px;'><b>An error occurred</b><br>The error was reported with the following id: '" + errorId + "'<br><br><span style='color:black;font-weight:bold;font-size:16px'>Please press and hold Ctrl and press F5 to reload this page, if the problem persists please send this error message to your webmaster: </span><div style='color:black;font-size:14px'>'" - + "ErrorId: " + errorId + "<br>URL: " + window.location.href + "<br>UserAgent: " + userAgent + "<br>" + msg + " in " + url + " at line " + linenumber + "'</div></div>"); + + "ErrorId: " + errorId + "<br>URL: " + padutils.escapeHtml(window.location.href) + "<br>UserAgent: " + userAgent + "<br>" + msg + " in " + url + " at line " + linenumber + "'</div></div>"); } //send javascript errors to the server |