N°6483 - Security hardening

2026-05-19 07:12:26 +02:00 · 2023-07-03 14:29:45 +02:00
parent 5a33fb7a6a
commit 764a170cd0
1 changed files with 2 additions and 2 deletions
--- a/js/search/search_form_criteria_enum.js
+++ b/js/search/search_form_criteria_enum.js
@@ -872,13 +872,13 @@ $(function()
 		// - Make a jQuery element for a list item
 		_makeListItemElement: function(sLabel, sValue, bInitChecked, bInitHidden,bObsolete, sAdditionalField)
 		{
-			var sEscapedLabel = $('<div />').text(sLabel).html();
+			var sEscapedLabel = CombodoSanitizer.EscapeHtml(sLabel, false);
 			if (bObsolete == 1)	{
 				sEscapedLabel = '<span class="object-ref-icon text_decoration"><span class="fas fa-eye-slash object-obsolete fa-1x fa-fw"></span></span>'+sEscapedLabel;
 			}
 			if (sAdditionalField != undefined )	{
-				sEscapedLabel = sEscapedLabel+'<br><i>'+sAdditionalField+'</i>';
+				sEscapedLabel = sEscapedLabel+'<br><i>'+CombodoSanitizer.EscapeHtml(sAdditionalField, false)+'</i>';
 			}
 			var oItemElem = $('<div></div>')