From 7ca14d2d8984a9a50d2140b7a13693a6a3fdd4ea Mon Sep 17 00:00:00 2001
From: Abel Coronado
Date: Thu, 26 Oct 2017 11:09:37 +0200
Subject: [PATCH] B #5502: Script injection in SPICE viewer (#546)
---
 src/sunstone/sunstone-server.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/sunstone/sunstone-server.rb b/src/sunstone/sunstone-server.rb
index 922ac715a7..7f951a6b3f 100755
--- a/src/sunstone/sunstone-server.rb
+++ b/src/sunstone/sunstone-server.rb
@@ -523,6 +523,7 @@ get '/spice' do
 if !authorized?
 erb :login
 else
+ params[:title] = CGI::escape(params[:title])
 erb :spice
 end
 end
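Review bot: The added line in the `else` branch passes `params[:title]` straight to `CGI::escape`, which raises when the request carries no `title` parameter, so an authorized GET to /spice without it would fail with an error instead of rendering the viewer; `params[:title] = CGI::escape(params[:title].to_s)` avoids that. `CGI::escape` is URL percent-encoding, so whether it is the right encoder depends on where spice.erb emits the title, which this hunk does not show: if the value lands in HTML text or an attribute, `CGI.escapeHTML` applied at the point of output is the matching encoder and keeps the title readable. Any other request parameters the template interpolates are presumably still unescaped and deserve the same check. A short comment such as `# title is request-controlled; encode it before spice.erb renders it` would record why the line exists. The route block's opening line (`get '/spice' do`) is outside the hunk and appears only in the hunk header.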