From 4f25a3646edf295a54b307b8b82377fbc09f0934 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock
Date: Wed, 14 Aug 2019 00:22:40 +0200
Subject: [PATCH] Fixed several other XSS's
---
 data/web/js/site/debug.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index ddf7e0cb..6888f39e 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -482,6 +482,7 @@ jQuery(function($){
 }
 item.symbols[key].str = str;
 });
+ item.subject = escapeHtml(item.subject);
 item.symbols = Object.keys(item.symbols).
 map(function(key) {
 return item.symbols[key];
@@ -526,6 +527,8 @@ jQuery(function($){
 $.each(data, function (i, item) {
 if (item.ua == null) {
 item.ua = 'unknown';
+ } else {
+ item.ua = escapeHtml(item.ua);
 }
 item.ua = '' + item.ua + '';
 if (item.service == "activesync") {
@@ -535,7 +538,7 @@ jQuery(function($){
 item.service = 'IMAP, SMTP, Cal-/CardDAV';
 }
 else {
- item.service = '' + item.service + '';
+ item.service = '' + escapeHtml(item.service) + '';
 }
 });
 } else if (table == 'watchdog') {
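Review bot: The added `item.subject = escapeHtml(item.subject);` in the first hunk has no null guard, whereas the `item.ua` change in the second hunk keeps its `== null` branch. `escapeHtml` is defined outside this patch, so whether it tolerates a missing subject cannot be confirmed from here. If an entry can arrive without a subject, `item.subject = item.subject == null ? '' : escapeHtml(item.subject);` avoids a throw or a literal "undefined" in the row. The assignment also overwrites the raw value, so later filtering or sorting on this column would presumably see entity-encoded text; a comment such as `// escaped in place: subject is rendered as markup by the table` would record that choice. The enclosing callback starts and ends outside the hunk.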
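Review bot: Escaping in the second and third hunks is applied one property at a time, just before each value is concatenated into a string (`item.ua` here, `item.service` in the fallback branch of the next hunk), so any other property of `item` that reaches markup depends on someone remembering the same call. A comment above the `$.each` would make the rule visible to the next editor, for example `// every value taken from data must pass through escapeHtml() before it is concatenated into HTML below`. The null/else pair can also be written as one statement, `item.ua = item.ua == null ? 'unknown' : escapeHtml(item.ua);`, which keeps the escape and the default together. The `$.each` callback begins in the second hunk and closes in the third, and the lines between the two hunks are not visible here.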