From 409ecf7fd5923e914274bbc8609b6fa6d75a788c Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Wed, 14 Aug 2019 22:19:50 +0200
Subject: [PATCH] [Web] Fixed one more possible XSS

XSS might be possible when using a specific-crafted request (harder than previous ones). Might also easily cause JS errors and making the "mailcow UI"-logs not accessible anymore
---
 data/web/js/site/debug.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index 6888f39e..10441874 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -564,6 +564,7 @@ jQuery(function($){
       $.each(data, function (i, item) {
         if (item === null) { return true; }
         item.user = escapeHtml(item.user);
+        item.call = escapeHtml(item.call);
         item.task = '<code>' + item.task + '</code>';
         item.type = '<span class="label label-' + item.type + '">' + item.type + '</span>';
       });