From 02ca80d843b4397f44956a91a357b4cb99b93cd6 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Fri, 31 Jul 2015 21:37:22 +0200
Subject: [PATCH] (mvc) add some basic sanitization to api output
---
 .../mvc/app/controllers/OPNsense/Base/ApiControllerBase.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
index 3113ce5c9..36c72db6e 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
@@ -90,7 +90,7 @@ class ApiControllerBase extends ControllerRoot
 $data = $dispatcher->getReturnedValue();
 if (is_array($data)) {
 $this->response->setContentType('application/json', 'UTF-8');
- echo json_encode($data) ;
+ echo htmlspecialchars(json_encode($data), ENT_NOQUOTES);
 }
 }
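Review bot: The added `htmlspecialchars(json_encode($data), ENT_NOQUOTES)` line rewrites `&`, `<` and `>` inside every key and value of a response that is declared `application/json`, so API consumers receive `&amp;`/`&lt;` instead of the stored data, and any client that escapes again at render time double-encodes it. If the intent is to keep markup characters out of the raw body, escaping at the JSON level keeps the payload lossless: `echo json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);`. HTML escaping then belongs at the point where a client inserts a value into the DOM, which this hunk does not show. The return value of `json_encode()` is also not checked, so a failed encode would send an empty body under a JSON content type. The enclosing method starts above the hunk, so how `$data` is produced is not visible here.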