From 76cd96de19e5ac5b1be0c2afc9abf9f23ad71be1 Mon Sep 17 00:00:00 2001
From: Kernel32
Date: Mon, 3 Feb 2020 22:15:57 +0100
Subject: [PATCH] Sanitize userInfoJson

---
 .../src/main/webapp/WEB-INF/tags/header.tag | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/header.tag b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/header.tag
index f4b4430cf9..ce8c64f160 100644
--- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/header.tag
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/header.tag
@@ -55,7 +55,7 @@
 // get the info of the current user, if available (null otherwise)
 function getUserInfo() {
- return ${userInfoJson};
+ return ${fn:escapeXml(userInfoJson)};
 }
 // get the authorities of the current user, if available (null otherwise)
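Review bot: `fn:escapeXml` is HTML-entity encoding, but the changed `return` in `getUserInfo()` is JavaScript, presumably inside a `<script>` element (the enclosing block starts outside the hunk), where browsers do not decode entities. Any non-null `userInfoJson` would then reach the parser as `{&#034;sub&#034;:…}`, a syntax error, so the script would likely fail for signed-in users instead of returning the object. The encoding has to match the script context: for example, have the server-side JSON serializer emit `<`, `>`, `&`, U+2028 and U+2029 as `\uXXXX` escapes. Alternatively, move the value into an HTML attribute, where `escapeXml` is the right encoder, e.g. `data-user-info="${fn:escapeXml(userInfoJson)}"` on an existing element, read back with `return JSON.parse(el.dataset.userInfo || 'null');` (`el` being that element). A comment above the function noting that the value carries user-editable profile fields would help keep the encoding in place.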