Details
Description
The escapeJs function in openmrs-module-uiframework/api/src/main/java/org/openmrs/ui/framework/UiUtils.java does not escape backslash, so a patient named
Foo \"}];alert(0);[// Bar
would cause trouble.
In openmrs-module-registrationapp/omod/src/webapp/pages/editSelection.gsp, seen at, for example, /registrationapp/editSection.page:
<script type="text/javascript"> var breadcrumbs = [ { icon: "icon-home", link: '/' + OPENMRS_CONTEXT_PATH + '/index.htm' }, { label: "${ ui.escapeJs(ui.format(patient)) }", link: "${ ui.encodeHtml(returnUrl) }" }, { label: "${ ui.message(section.label) }" } ]; </script> <script type="text/javascript"> var breadcrumbs = [ { icon: "icon-home", link: '/' + OPENMRS_CONTEXT_PATH + '/index.htm' }, { label: "Foo \\"}];alert(0);[// Bar", link: "/openmrs/coreapps/clinicianfacing/patient.page?patientId=e0a08797-70c3-497f-ba7a-29ec32ea3baf&" }, { label: "Demographics" } ]; </script>