escaping extra html in annotate tooltip

tulinkry · Vladimir Kotal · commit e6cb439e5d5d · 2019-02-18T09:05:27.000+01:00
fixes #2671
diff --git a/opengrok-indexer/src/main/java/org/opengrok/indexer/web/Scripts.java b/opengrok-indexer/src/main/java/org/opengrok/indexer/web/Scripts.java
@@ -105,7 +105,7 @@ public String toHtml() {
         SCRIPTS.put("jquery-tablesorter", new FileScript("js/jquery-tablesorter-2.26.6.min.js", 12));
         SCRIPTS.put("tablesorter-parsers", new FileScript("js/tablesorter-parsers-0.0.1.js", 13));
         SCRIPTS.put("searchable-option-list", new FileScript("js/searchable-option-list-2.0.6.js", 14));
-        SCRIPTS.put("utils", new FileScript("js/utils-0.0.28.js", 15));
+        SCRIPTS.put("utils", new FileScript("js/utils-0.0.29.js", 15));
         SCRIPTS.put("repos", new FileScript("js/repos-0.0.1.js", 20));
         SCRIPTS.put("diff", new FileScript("js/diff-0.0.3.js", 20));
         SCRIPTS.put("jquery-caret", new FileScript("js/jquery.caret-1.5.2.min.js", 25));
diff --git a/opengrok-web/src/main/webapp/js/utils-0.0.29.js b/opengrok-web/src/main/webapp/js/utils-0.0.29.js
@@ -1703,7 +1703,7 @@ function domReadyMast() {
                     $("<dt>").text(definitions.shift().trim()).appendTo($el);
                     var $dd = $("<dd>");
                     $.each(definitions.join(":").split("<br/>"), function (i, el) {
-                        $dd.append(el.trim());
+                        $dd.append(escapeHtml(el.trim()));
                         $dd.append($("<br/>"));
                     });
                     $dd.appendTo($el);
