]> source.dussan.org Git - nextcloud-server.git/commitdiff
projects / nextcloud-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2314067)
Files: Fix XSS when creating dropshadow
authorRobin Appelman <icewind@owncloud.com>
Mon, 22 Apr 2013 19:54:25 +0000 (21:54 +0200)
committerRobin Appelman <icewind@owncloud.com>
Mon, 22 Apr 2013 19:55:54 +0000 (21:55 +0200)
apps/files/js/files.js patch | blob | history

diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index 7e3caf71a03ce52fc79c081fc134e7d7a31e771d..a2d17fae7d2f48d207f4eb74ac07d957fe272834 100644 (file)
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -757,9 +757,9 @@ var createDragShadow = function(event){
        var dir=$('#dir').val();
 
        $(selectedFiles).each(function(i,elem){
-               var newtr = $('<tr data-dir="'+dir+'" data-filename="'+elem.name+'">'
-                                               +'<td class="filename">'+elem.name+'</td><td class="size">'+humanFileSize(elem.size)+'</td>'
-                                        +'</tr>');
+               var newtr = $('<tr/>').attr('data-dir', dir).attr('data-filename', elem.name);
+               newtr.append($('<td/>').addClass('filename').text(elem.name));
+               newtr.append($('<td/>').addClass('size').text(humanFileSize(elem.size)));
                tbody.append(newtr);
                if (elem.type === 'dir') {
                        newtr.find('td.filename').attr('style','background-image:url('+OC.imagePath('core', 'filetypes/folder.png')+')');
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server