diff options
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java index 7b5343000..7ae623f32 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java @@ -44,6 +44,7 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; +import com.netscape.cms.servlet.common.CMSTemplate; /** * Toggle the approval state of a profile @@ -359,14 +360,14 @@ public class ProfileApproveServlet extends ProfileServlet { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, e.toString()); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + "CMS_PROFILE_NOT_FOUND", CMSTemplate.escapeJavaScriptStringHTML(profileId))); outputTemplate(request, response, args); return; } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + "CMS_PROFILE_NOT_FOUND", CMSTemplate.escapeJavaScriptStringHTML(profileId))); outputTemplate(request, response, args); return; } |