From e61ca2b205ab3f94c4e8bbde23ee67eb733e430b Mon Sep 17 00:00:00 2001
From: Ashish Kataria <88022674+ashishkataria86@users.noreply.github.com>
Date: Mon, 7 Oct 2024 15:33:02 +0530
Subject: [PATCH] ZBUG-4288

---
 common/src/java/com/zimbra/common/util/Props2Js.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/common/src/java/com/zimbra/common/util/Props2Js.java b/common/src/java/com/zimbra/common/util/Props2Js.java
index 8376a5601f3..65f8095ba83 100644
--- a/common/src/java/com/zimbra/common/util/Props2Js.java
+++ b/common/src/java/com/zimbra/common/util/Props2Js.java
@@ -178,8 +178,7 @@ private static void printEscaped(DataOutputStream out, String s)
 } // printEscaped(PrintStream,String)
 
 public static String getCommentSafeString(String st) {
- return st.replaceAll("<", "") //make sure you can't start a "script" tag within the comment cuz genius IE supposedly exectutes it
- .replaceAll("\n", ""); //make sure no newline can be injected to start a malicious script too
+ return st.replaceAll("[^A-Za-z0-9_\\-./]", "");
 }
 
 public static void main(String[] argv) throws Exception {
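Review bot: The new line in `getCommentSafeString` has no rationale now that both explanatory comments are removed, so nothing tells a later maintainer that the character class must not be widened to anything that could close the generated comment, open a tag or add a line. A comment such as `// allowlist only: the result is written into a generated comment, so no character that could end it, start a tag or break the line may pass` would keep that intent next to the regex. The method also still dereferences `st` without a null check, as it did before this change; if callers (outside this hunk) can pass null, `if (st == null) return "";` would make the behaviour explicit. Because the allowlist now drops spaces and every non-ASCII character too, it is worth confirming that no caller depends on those surviving.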