diff --git a/library/Icinga/Web/Widget/AbstractWidget.php b/library/Icinga/Web/Widget/AbstractWidget.php
index 37fb7ad36..962bcc210 100644
--- a/library/Icinga/Web/Widget/AbstractWidget.php
+++ b/library/Icinga/Web/Widget/AbstractWidget.php
@@ -118,7 +118,7 @@ abstract class AbstractWidget
try {
$html = $this->render($this->view());
} catch (Exception $e) {
- return htmlspecialchars($e->getMessage());
+ return $this->escape($e->getMessage());
}
return (string) $html;
}
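Review bot: The catch branch now depends on `$this->escape()`, whose definition is not part of this diff. If it delegates to the view object, it can fail for the same reason `$this->view()` failed inside the try, and a second exception leaving what looks like `__toString()` is a fatal error on PHP versions before 7.4. Either keep the fallback self-contained, e.g. `return htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, or document on `escape()` that it never throws and does not need the view. The same applies to the catch branch changed in Tabs.php; the enclosing method starts outside this hunk.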
diff --git a/library/Icinga/Web/Widget/AlertMessageBox.php b/library/Icinga/Web/Widget/AlertMessageBox.php
index 09016f490..69113912e 100644
--- a/library/Icinga/Web/Widget/AlertMessageBox.php
+++ b/library/Icinga/Web/Widget/AlertMessageBox.php
@@ -124,7 +124,7 @@ class AlertMessageBox extends AbstractWidget
$alert = $this->states[$level];
$html .= '
' .
$this->view()->icon($alert['icon']) .
- '' . htmlspecialchars($message->getMessage()) . '' .
+ '' . $this->escape($message->getMessage()) . '' .
'
';
}
return $html;
diff --git a/library/Icinga/Web/Widget/Chart/InlinePie.php b/library/Icinga/Web/Widget/Chart/InlinePie.php
index e4621ba09..8a36dbf01 100644
--- a/library/Icinga/Web/Widget/Chart/InlinePie.php
+++ b/library/Icinga/Web/Widget/Chart/InlinePie.php
@@ -24,7 +24,7 @@ class InlinePie extends AbstractWidget
const NUMBER_FORMAT_TIME = 'time';
const NUMBER_FORMAT_BYTES = 'bytes';
const NUMBER_FORMAT_RATIO = 'ratio';
-
+
/**
* The template string used for rendering this widget
* The template string used for rendering this widget
@@ -137,7 +137,7 @@ EOD;
* @var string
*/
private $tooltipFormat = '{{title}} {{label}}: {{formatted}} ({{percent}}%)';
-
+
/**
* The number format used to render numeric values in tooltips
*
@@ -212,7 +212,7 @@ EOD;
{
$this->format = $format;
}
-
+
/**
* A format string used to render the content of the piechart tooltips
*
@@ -346,11 +346,11 @@ EOD;
{
$template = $this->template;
$template = str_replace('{url}', $this->url, $template);
-
+
// style
$template = str_replace('{width}', $this->width, $template);
$template = str_replace('{height}', $this->height, $template);
- $template = str_replace('{title}', htmlspecialchars($this->title), $template);
+ $template = str_replace('{title}', $this->escape($this->title), $template);
$template = str_replace('{style}', $this->style, $template);
$template = str_replace('{colors}', implode(',', $this->colors), $template);
$template = str_replace('{borderWidth}', $this->borderWidth, $template);
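Review bot: Only `{title}` goes through `$this->escape()` here; `{url}`, `{width}`, `{height}`, `{style}`, `{colors}` and `{borderWidth}` are substituted into the template raw, as is `{tooltipFormat}` in the following hunk. The template is outside the diff, but if these values land in HTML attributes, any that can be set from caller- or request-supplied data (the URL and style string look like the candidates) should be escaped the same way, e.g. `str_replace('{url}', $this->escape((string) $this->url), $template)`. If they are guaranteed numeric or internally generated, a short comment above the `// style` group saying so would make the asymmetry deliberate. The method starts before and ends after this hunk.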
@@ -370,9 +370,9 @@ EOD;
foreach ($this->data as $key => $value) {
$formatted[$key] = $this->formatValue($value);
}
- $template = str_replace('{data}', htmlspecialchars(implode(',', $data)), $template);
- $template = str_replace('{formatted}', htmlspecialchars(implode('|', $formatted)), $template);
- $template = str_replace('{labels}', htmlspecialchars($this->createLabelString()), $template);
+ $template = str_replace('{data}', $this->escape(implode(',', $data)), $template);
+ $template = str_replace('{formatted}', $this->escape(implode('|', $formatted)), $template);
+ $template = str_replace('{labels}', $this->escape($this->createLabelString()), $template);
$template = str_replace('{tooltipFormat}', $this->tooltipFormat, $template);
return $template;
}
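Review bot: The replacement order in this method is load-bearing but undocumented. The default `$tooltipFormat` contains `{{title}}` and `{{formatted}}`, which the earlier `{title}` and `{formatted}` replacements would rewrite if `{tooltipFormat}` were not substituted last. Chained `str_replace` also rescans text that was already inserted, so a value containing a later placeholder gets expanded a second time. I would add a comment such as `// {tooltipFormat} must stay last: its {{title}}/{{formatted}} tokens contain placeholders replaced above`, or build one map and call `strtr($this->template, $map)`, which does not rescan replaced text. The start of the method is outside this hunk.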
diff --git a/library/Icinga/Web/Widget/Tabs.php b/library/Icinga/Web/Widget/Tabs.php
index cd480ba32..25f88533b 100644
--- a/library/Icinga/Web/Widget/Tabs.php
+++ b/library/Icinga/Web/Widget/Tabs.php
@@ -259,7 +259,7 @@ EOT;
try {
$html = $this->render(Icinga::app()->getViewRenderer()->view);
} catch (Exception $e) {
- return htmlspecialchars($e->getMessage());
+ return $this->escape($e->getMessage());
}
return $html;
}
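Review bot: This method returns `$html` as-is, while the otherwise parallel method in AbstractWidget.php returns `(string) $html`; if `render()` ever yields a non-string, the two widgets will behave differently. I would align them with `return (string) $html;`. The hunk does not show the parent class of Tabs, so also confirm that `escape()` is actually available here. The enclosing method begins outside the hunk.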