From 0df6f0c0ae1ae6c2d7d4394bc6f130889cc2a35e Mon Sep 17 00:00:00 2001
From: Spencer Gibb
Date: Mon, 5 Oct 2015 09:29:02 -0600
Subject: [PATCH] fix(title-xss): escaping text acquired from parameters to avoid any xss attacks
https://github.com/Netflix/Hystrix/pull/921
---
 .../src/main/resources/templates/hystrix/monitor.ftl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/spring-cloud-netflix-hystrix-dashboard/src/main/resources/templates/hystrix/monitor.ftl b/spring-cloud-netflix-hystrix-dashboard/src/main/resources/templates/hystrix/monitor.ftl
index c4c8e3c6..24607e1d 100644
--- a/spring-cloud-netflix-hystrix-dashboard/src/main/resources/templates/hystrix/monitor.ftl
+++ b/spring-cloud-netflix-hystrix-dashboard/src/main/resources/templates/hystrix/monitor.ftl
@@ -101,9 +101,9 @@
 var poolStream = "${contextPath}/proxy.stream?origin=" + stream;
 if(getUrlVars()["title"] != undefined) {
- $('#title_name').html("Hystrix Stream: " + decodeURIComponent(getUrlVars()["title"]))
+ $('#title_name').text("Hystrix Stream: " + decodeURIComponent(getUrlVars()["title"]))
 } else {
- $('#title_name').html("Hystrix Stream: " + decodeURIComponent(stream))
+ $('#title_name').text("Hystrix Stream: " + decodeURIComponent(stream))
 }
 }
 console.log("Command Stream: " + commandStream)
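Review bot: `decodeURIComponent` at both `.text()` calls still runs unguarded on values that appear to come from the page URL, so a malformed percent-escape in `title` or `stream` throws a URIError and aborts the script at that point, before the following `console.log` and whatever setup comes after it. Because `.text()` now renders the value inertly, falling back to the undecoded string is safe: `try { label = decodeURIComponent(raw); } catch (e) { label = raw; }`, with `raw` read once from `getUrlVars()["title"]` instead of calling it twice. Separately, the context line `var poolStream = "${contextPath}/proxy.stream?origin=" + stream;` hands the same `stream` value to the server-side proxy unencoded; if it does originate from the query string, the proxy endpoint should check the origin against an allow-list, which this commit does not touch. The enclosing function starts and ends outside the hunk.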