]> source.dussan.org Git - nextcloud-server.git/commitdiff
projects / nextcloud-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1d29636)
prevent potential XSS via unchecked use innerHTML 16599/head
authorMax Fichtelmann <max.fichtelmann@procilon.de>
Mon, 29 Jul 2019 15:48:33 +0000 (17:48 +0200)
committerMax Fichtelmann <max.fichtelmann@procilon.de>
Mon, 29 Jul 2019 16:16:37 +0000 (18:16 +0200)
Signed-off-by: Max Fichtelmann <max.fichtelmann@procilon.de>
apps/theming/js/3rdparty/jscolor/jscolor.js patch | blob | history

diff --git a/apps/theming/js/3rdparty/jscolor/jscolor.js b/apps/theming/js/3rdparty/jscolor/jscolor.js
index 2bdd4607b41c77ced2c4a9fcd766426bd9dc1565..cad36eab92ab7b84a4991ceced081f40b0302ae7 100644 (file)
--- a/apps/theming/js/3rdparty/jscolor/jscolor.js
+++ b/apps/theming/js/3rdparty/jscolor/jscolor.js
@@ -1100,7 +1100,7 @@ var jsc = {
                                if (jsc.isElementType(this.valueElement, 'input')) {
                                        this.valueElement.value = value;
                                } else {
-                                       this.valueElement.innerHTML = value;
+                                       this.valueElement.innerHTML = _.escape(value);
                                }
                        }
                        if (!(flags & jsc.leaveStyle)) {
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server