[KNOWAGE-6438] - Added escaping for doc description special chars

matmassa · matmassa · commit 2a54f27d83a0 · 2022-02-11T15:39:17.000+01:00
diff --git a/knowagecockpitengine/src/main/webapp/WEB-INF/jsp/commons/angular/sbiModule.jspf b/knowagecockpitengine/src/main/webapp/WEB-INF/jsp/commons/angular/sbiModule.jspf
@@ -19,7 +19,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 <%@page import="org.json.JSONObject"%>
 <%@page import="java.util.regex.Matcher"%>
 <%@page import="java.util.regex.Pattern"%>
-
+<%@page import="org.apache.commons.lang.StringEscapeUtils"%>
 <script>
 
 var sbiM=angular.module('sbiModule',["ngSanitize"]);
@@ -851,7 +851,7 @@ sbiM.factory('sbiModule_cockpitDocument', function(){
 		docId: <%= docId %>,
 		docLabel: '<%= docLabel %>',
 		docName: '<%= docName.replaceAll(Pattern.quote("'"), Matcher.quoteReplacement("\\'")) %>',
-		docDescription: '<%= docDescription %>'
+		docDescription: '<%= StringEscapeUtils.escapeJavaScript(docDescription) %>'
 	}
 });
 
