From bb56770a19079e98ee1ed4d46bfe7fcb45d81894 Mon Sep 17 00:00:00 2001
From: Rodrigo Quelca <rodrigo@processmaker.com>
Date: Thu, 18 Jan 2024 19:08:33 +0000
Subject: [PATCH] PMCORE-4269: Stored XSS flaw in PM 3.8.3

---
 workflow/engine/templates/cases/caseChangeLog.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/workflow/engine/templates/cases/caseChangeLog.js b/workflow/engine/templates/cases/caseChangeLog.js
index 5e0980a76..3907b4f67 100644
--- a/workflow/engine/templates/cases/caseChangeLog.js
+++ b/workflow/engine/templates/cases/caseChangeLog.js
@@ -60,6 +60,7 @@ Ext.onReady(function () {
                             menuDisabled: true,
                             renderer: function (value, metaData, record, rowIndex, colIndex, store) {
                                 return "<b>"+value+"</b>";
+
                             }
                         },
                         {
@@ -69,7 +70,7 @@ Ext.onReady(function () {
                             dataIndex: 'previousValue',
                             menuDisabled: true,
                             renderer: function (value, p, record) {
-                                return value;
+                                return Ext.util.Format.htmlEncode(value);
                             }
                         },
                         {
@@ -79,7 +80,7 @@ Ext.onReady(function () {
                             dataIndex: 'currentValue',
                             menuDisabled: true,
                             renderer: function (value, p, record) {
-                                return value;
+                                return Ext.util.Format.htmlEncode(value);
                             }
                         },
                         {