use sanitizeHTML() function

diff --git a/apps/calendar/ajax/events.php b/apps/calendar/ajax/events.php
index 8024a5419eb9e34c643d2512d6af39a6adbe977d..8618d4a49f00d8b5916e21029966dc1c5471a52a 100644 (file)
--- a/apps/calendar/ajax/events.php
+++ b/apps/calendar/ajax/events.php
@@ -32,4 +32,4 @@ $output = array();
 foreach($events as $event){
        $output = array_merge($output, OC_Calendar_App::generateEventOutput($event, $start, $end));
 }
-OCP\JSON::encodedPrint($output);
+OCP\JSON::encodedPrint(OCP\Util::sanitizeHTML($output));

diff --git a/apps/calendar/js/calendar.js b/apps/calendar/js/calendar.js
index 6e0ff580b1ae9484c4535daed1b76c02d82d36c4..bc012a68c4b5994a8fa40ebef24fc8435c9dbe50 100644 (file)
--- a/apps/calendar/js/calendar.js
+++ b/apps/calendar/js/calendar.js
@@ -824,7 +824,7 @@ $(document).ready(function(){
                eventDrop: Calendar.UI.moveEvent,
                eventResize: Calendar.UI.resizeEvent,
                eventRender: function(event, element) {
-                       element.find('.fc-event-title').html(element.find('.fc-event-title').text());
+                       element.find('.fc-event-title').html(element.find('.fc-event-title').html());
                        element.tipsy({
                                className: 'tipsy-event',
                                opacity: 0.9,

diff --git a/apps/calendar/lib/object.php b/apps/calendar/lib/object.php
index 9e4806227b06561c894ca0b7c8007c3a17e4a2b1..4212bf5a32c1cf1095097628dfd769250d03c106 100644 (file)
--- a/apps/calendar/lib/object.php
+++ b/apps/calendar/lib/object.php
@@ -600,8 +600,8 @@ class OC_Calendar_Object{
 
        public static function updateVCalendarFromRequest($request, $vcalendar)
        {
-               $title = strip_tags($request["title"]);
-               $location = strip_tags($request["location"]);
+               $title = $request["title"];
+               $location = $request["location"];
                $categories = $request["categories"];
                $allday = isset($request["allday"]);
                $from = $request["from"];
@@ -611,7 +611,7 @@ class OC_Calendar_Object{
                        $totime = $request['totime'];
                }
                $vevent = $vcalendar->VEVENT;
-               $description = strip_tags($request["description"]);
+               $description = $request["description"];
                $repeat = $request["repeat"];
                if($repeat != 'doesnotrepeat'){
                        $rrule = '';