escape before output, fixes #9041

author Arthur Schiwon <blizzz@owncloud.com>

Mon, 16 Jun 2014 11:44:41 +0000 (13:44 +0200)

committer Arthur Schiwon <blizzz@owncloud.com>

Mon, 16 Jun 2014 11:44:41 +0000 (13:44 +0200)
author Arthur Schiwon <blizzz@owncloud.com>
Mon, 16 Jun 2014 11:44:41 +0000 (13:44 +0200)
committer Arthur Schiwon <blizzz@owncloud.com>
Mon, 16 Jun 2014 11:44:41 +0000 (13:44 +0200)
diff --git a/settings/js/users/deleteHandler.js b/settings/js/users/deleteHandler.js

index 9cbe7cd514d09712a780a2ba32b14ed2a5b6057f..2d8b4499ee891e38b24d51e7ca84af88f80d46d2 100644 (file)
--- a/settings/js/users/deleteHandler.js
+++ b/settings/js/users/deleteHandler.js
@@ -94,7 +94,7 @@ DeleteHandler.prototype.showNotification = function() {
                 }
                 $('#notification').data(this.notificationDataID, true);
                 var msg = this.notificationMessage.replace(this.notificationPlaceholder,
-                                                                                       this.oidToDelete);
+                                                                                       escapeHTML(this.oidToDelete));
                 this.notifier.showHtml(msg);
         }
  };
author	Arthur Schiwon <blizzz@owncloud.com>
	Mon, 16 Jun 2014 11:44:41 +0000 (13:44 +0200)
committer	Arthur Schiwon <blizzz@owncloud.com>
	Mon, 16 Jun 2014 11:44:41 +0000 (13:44 +0200)