From 6d6cd3b7cf2e5df2bf77eeefe75f5942f01c898c Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Wed, 10 Jul 2019 14:52:58 +0200
Subject: [PATCH] [SECURITY] Fix XSS in global admin mode
---
 src/pretix/static/pretixcontrol/js/ui/main.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/pretix/static/pretixcontrol/js/ui/main.js b/src/pretix/static/pretixcontrol/js/ui/main.js
index 7131b43bc..8934b7c8b 100644
--- a/src/pretix/static/pretixcontrol/js/ui/main.js
+++ b/src/pretix/static/pretixcontrol/js/ui/main.js
@@ -632,9 +632,9 @@ $(function () {
 }
 $.getJSON(url + '?pk=' + id, function (data) {
 if ($a.parent().tagName === "p") {
- $("
").html(JSON.stringify(data.data, null, 2)).insertAfter($a.parent());
+                $("
").text(JSON.stringify(data.data, null, 2)).insertAfter($a.parent());
             } else {
-                $("
").html(JSON.stringify(data.data, null, 2)).appendTo($a.parent());
+                $("
").text(JSON.stringify(data.data, null, 2)).appendTo($a.parent());
             }
             $a.remove();
         });
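Review bot: The unchanged condition `$a.parent().tagName === "p"` just above the first changed call can never be true as written: `.parent()` returns a jQuery object, which has no `tagName` property, and DOM tag names are upper-case in HTML documents, so only the `.appendTo` branch ever runs. If the `insertAfter` placement is still wanted for paragraph parents, `if ($a.parent().is("p")) {` would express it; since this changes where the block lands, check the rendered layout before merging. Because `JSON.stringify` does not escape `<` or `&`, both sinks depend on staying `.text()`, and a short comment such as `// data.data is untrusted log content: insert as text, never as HTML` above the `if` would help keep a later edit from reverting it. The enclosing `$.getJSON` callback and the `$(function () {` wrapper start outside this hunk, so other uses of `data` were not reviewed.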