From aee9487e8176061ee150c18987b794e35bf2b5a6 Mon Sep 17 00:00:00 2001
From: ale <ale@ale-VirtualBox>
Date: Tue, 19 Jan 2021 19:27:07 +0100
Subject: [PATCH] Escaping html tag to prevent xss

---
 xmppserver/src/main/webapp/group-delete.jsp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xmppserver/src/main/webapp/group-delete.jsp b/xmppserver/src/main/webapp/group-delete.jsp
index da3b07b669..1ac3de41e1 100644
--- a/xmppserver/src/main/webapp/group-delete.jsp
+++ b/xmppserver/src/main/webapp/group-delete.jsp
@@ -85,7 +85,7 @@
 
 <p>
 <fmt:message key="group.delete.hint_info" />
-<b><a href="group-edit.jsp?group=<%= URLEncoder.encode(group.getName(), "UTF-8")%>"><%= group.getName() %></a></b>
+<b><a href="group-edit.jsp?group=<%= URLEncoder.encode(group.getName(), "UTF-8")%>"><%= StringUtils.escapeHTMLTags(group.getName()) %></a></b>
 <fmt:message key="group.delete.hint_info1" />
 </p>