Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fixes JENKINS-32652.
Escape the display name in order to avoid injection of HTML or JS code.
  • Loading branch information
ialbors-pfc committed Feb 4, 2016
1 parent a74fd19 commit bd95c4d
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/main/java/hudson/plugins/nextexecutions/NextBuilds.java
Expand Up @@ -21,6 +21,7 @@
import org.joda.time.format.PeriodFormatterBuilder;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import hudson.Util;

/**
* Provides a way to get the project's next execution date.
Expand All @@ -34,7 +35,7 @@ public class NextBuilds implements Comparable, Describable<NextBuilds>{

public NextBuilds(AbstractProject project, Calendar date) {
this.project = project;
this.name = project.getDisplayName();
this.name = Util.escape(project.getDisplayName());
this.date = date;
}

Expand Down

0 comments on commit bd95c4d

Please sign in to comment.