From a6c46eefb74f31c500ca7735befc9486e2d148b5 Mon Sep 17 00:00:00 2001
From: Rangashivani
Date: Mon, 28 Oct 2024 11:30:02 +0000
Subject: [PATCH] [PPP-5351]-XSS Findings For Data-Access ,Pentaho-platform-plugin-dashboards
---
 .../src/main/resources/resources/web/messages/Messages.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/assemblies/data-access-plugin/src/main/resources/resources/web/messages/Messages.js b/assemblies/data-access-plugin/src/main/resources/resources/web/messages/Messages.js
index 9b6945689..ddae3bb1a 100644
--- a/assemblies/data-access-plugin/src/main/resources/resources/web/messages/Messages.js
+++ b/assemblies/data-access-plugin/src/main/resources/resources/web/messages/Messages.js
@@ -12,9 +12,10 @@
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU Lesser General Public License for more details.
 *
-* Copyright (c) 2002-2017 Hitachi Vantara.. All rights reserved.
+* Copyright (c) 2002-2024 Hitachi Vantara.. All rights reserved.
 */
+define(["common-ui/util/xss"], function(xssUtil) {
 Messages = function() { };
@@ -49,7 +50,7 @@ Messages.entityDecoder=document.createElement('textarea');
 Messages.html_entity_decode = function(str) {
 try{
- Messages.entityDecoder.innerHTML = str;
+ xssutil.setHtml(Messages.entityDecoder, str)
 var value = Messages.entityDecoder.value;
 value = unescape(value);
 return value;
@@ -117,8 +118,9 @@ var cnt = 0;
 element = elementOrId;
 }
 if (element) {
- element.innerHTML = Messages.getString(msgKey);
+ xssutil.setHtml(element, Messages.getString(msgKey));
 }
 };
 /* static init */
 Messages.init();
+});
\ No newline at end of file
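Review bot: Wrapping the file in `define(["common-ui/util/xss"], function(xssUtil) {` changes when `Messages` comes into existence, and nothing in the hunk shows that its consumers were updated to match. `Messages = function() {` is still an undeclared assignment and the factory returns nothing, so the object remains a global, but it is now only set once the AMD loader has resolved the dependency and run the factory. Any page that pulls the file in with a plain script tag, or reads `Messages` synchronously after inclusion, would presumably find it undefined. Confirm every consumer loads it through the module loader, and either add `return Messages;` before the closing `});` or a comment such as `// Messages is intentionally published as a global for legacy callers`. The wrapper closes in the third hunk, outside this one.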
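Review bot: `xssutil.setHtml(...)` on the added line does not match the factory parameter `xssUtil` declared in the first hunk, so the call raises a ReferenceError instead of reaching the helper; the same misspelling is in the third hunk at `xssutil.setHtml(element, Messages.getString(msgKey));`. Here the call sits inside `try`, whose `catch` is outside the hunk, so the error is probably swallowed and entity decoding silently stops working, while the call in the third hunk has no visible guard and would throw to its caller. The lines should read `xssUtil.setHtml(Messages.entityDecoder, str);` (adding the missing semicolon) and `xssUtil.setHtml(element, Messages.getString(msgKey));`. The textarea is used only to decode entities and the result then goes through `unescape`, so confirm that whatever sanitising the helper does (presumably some, given the module name) does not alter the string before `.value` is read. The returned value is decoded after that step, so it still needs a safe sink wherever it ends up.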
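Review bot: The sink at `setHtml(element, Messages.getString(msgKey))` still treats the bundle string as markup, so its safety rests entirely on how the helper is configured, which is not visible here. If the message values are meant to be plain text, `element.textContent = Messages.getString(msgKey);` would be a stricter sink with no dependency on the sanitiser. If some messages do carry markup, a short comment above the call such as `// message bundles may contain markup; sanitised before insertion` would record why an HTML setter is kept. The enclosing function starts outside the hunk, so which callers supply `msgKey` cannot be judged from here.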