From 19963c3073c985ba887daa6f3b00f3f820217d2b Mon Sep 17 00:00:00 2001
From: Lukas Zapletal
Date: Wed, 11 Jun 2014 16:15:05 +0200
Subject: [PATCH] fixes #6149 - fixed XSS in host YAML view
---
 app/controllers/hosts_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/hosts_controller.rb b/app/controllers/hosts_controller.rb
index 0a091c9..279c781 100644
--- a/app/controllers/hosts_controller.rb
+++ b/app/controllers/hosts_controller.rb
@@ -175,7 +175,7 @@ class HostsController < ApplicationController
 begin
 respond_to do |format|
- format.html { render :text => "
#{@host.info.to_yaml}
" }
+ format.html { render :text => "
#{ERB::Util.html_escape(@host.info.to_yaml)}
" }
 format.yml { render :text => @host.info.to_yaml }
 end
 rescue
--
1.9.3
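Review bot: The added line still builds the HTML by string interpolation into `render :text`, so the escaping rests on the one call this patch inserts and on the next editor remembering to keep it; rendering the wrapper through the view layer escapes the content by default, e.g. `format.html { render :text => view_context.content_tag(:pre, @host.info.to_yaml) }` if the wrapper is a `pre` element (the wrapper tag itself does not survive this rendering of the patch). The escape chosen is right for this context: the YAML lands in element content, which `ERB::Util.html_escape` covers. A functional test that sets a host value containing markup and asserts the HTML response carries it only in escaped form would keep #6149 from reopening silently. The `format.yml` branch returns the same YAML unescaped, which is acceptable only while that response keeps the yml content type rather than text/html, so the same test should check the content type too. The action's definition and the body of the bare `rescue` lie outside the hunk.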