Merge pull request #8187 from owncloud/escape-more-character
authorMorris Jobke <hey@morrisjobke.de>
Mon, 2 Jun 2014 08:59:47 +0000 (10:59 +0200)
committerMorris Jobke <hey@morrisjobke.de>
Mon, 2 Jun 2014 08:59:47 +0000 (10:59 +0200)
Also encode > and '

core/js/js.js
core/js/tests/specs/coreSpec.js

diff --cc core/js/js.js
index cf35d8aac6a9af972807cf823904d51fc180759b,b712da4bd029dfb3bd744f197c3b833d61713add..21a2d4c1b35c5317e29bfb91625c17585cae7d0e
@@@ -149,12 -146,12 +149,12 @@@ function n(app, text_singular, text_plu
  }
  
  /**
 -* Sanitizes a HTML string
 -* @param s string
 -* @return Sanitized string
 +* Sanitizes a HTML string by replacing all potential dangerous characters with HTML entities
 +* @param {string} s String to sanitize
 +* @return {string} Sanitized string
  */
  function escapeHTML(s) {
-       return s.toString().split('&').join('&amp;').split('<').join('&lt;').split('"').join('&quot;');
+       return s.toString().split('&').join('&amp;').split('<').join('&lt;').split('>').join('&gt;').split('"').join('&quot;').split('\'').join('&#039;');
  }
  
  /**
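Review bot: The new doc comment on `escapeHTML` promises more than the function delivers. Encoding `&`, `<`, `>`, `"` and `'` makes a value safe as element text or inside a quoted attribute value, but not in an unquoted attribute, a URL attribute such as `href`, or inline script or style. I would narrow the first line to `* Escapes &, <, >, " and ' as HTML entities; safe for element content and quoted attribute values only` so callers do not treat the result as safe in every context. Separately, `s.toString()` throws a TypeError when `s` is null or undefined; whether any caller passes a missing value is not visible in this hunk, but if so `String(s)` or an explicit guard would avoid the exception.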
Simple merge