fix(title-xss): escaping text acquired from parameters to avoid any x…

…ss attacks
Netflix · Oct 6, 2015 · 7c5003d · 7c5003d
1 parent c5eb45b
commit 7c5003d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/hystrix-dashboard/src/main/webapp/monitor/monitor.html b/hystrix-dashboard/src/main/webapp/monitor/monitor.html
@@ -94,9 +94,9 @@ <h2><span id="title_name"></span></h2>
 			}
 
 			if(getUrlVars()["title"] != undefined) {
-				$('#title_name').html("Hystrix Stream: " + decodeURIComponent(getUrlVars()["title"]))
+				$('#title_name').text("Hystrix Stream: " + decodeURIComponent(getUrlVars()["title"]))
 			} else {
-				$('#title_name').html("Hystrix Stream: " + decodeURIComponent(stream))
+				$('#title_name').text("Hystrix Stream: " + decodeURIComponent(stream))
 			}
 
             //do not show authorization in stream title