[SECURITY] Fix XSS in global admin mode

2019-07-10 14:52:58 +02:00
parent eaf6da7272
commit 6d6cd3b7cf
1 changed files with 2 additions and 2 deletions
--- a/src/pretix/static/pretixcontrol/js/ui/main.js
+++ b/src/pretix/static/pretixcontrol/js/ui/main.js
@@ -632,9 +632,9 @@ $(function () {
        }
        $.getJSON(url + '?pk=' + id, function (data) {
            if ($a.parent().tagName === "p") {
-                $("<pre>").html(JSON.stringify(data.data, null, 2)).insertAfter($a.parent());
+                $("<pre>").text(JSON.stringify(data.data, null, 2)).insertAfter($a.parent());
            } else {
-                $("<pre>").html(JSON.stringify(data.data, null, 2)).appendTo($a.parent());
+                $("<pre>").text(JSON.stringify(data.data, null, 2)).appendTo($a.parent());
            }
            $a.remove();
        });