Files: Fix XSS when creating dropshadow

author Robin Appelman <icewind@owncloud.com>

Mon, 22 Apr 2013 19:54:25 +0000 (21:54 +0200)

committer Robin Appelman <icewind@owncloud.com>

Sun, 28 Apr 2013 17:33:54 +0000 (19:33 +0200)
author Robin Appelman <icewind@owncloud.com>
Mon, 22 Apr 2013 19:54:25 +0000 (21:54 +0200)
committer Robin Appelman <icewind@owncloud.com>
Sun, 28 Apr 2013 17:33:54 +0000 (19:33 +0200)
diff --git a/apps/files/js/files.js b/apps/files/js/files.js

index 6c5536aafab7db669a06fc13e5425c287c5ebfe1..19b641cb60a7ec2f0d420a1d84a71452c3924d80 100644 (file)
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -859,9 +859,9 @@ var createDragShadow = function(event){
         var dir=$('#dir').val();
  
         $(selectedFiles).each(function(i,elem){
-               var newtr = $('<tr data-dir="'+dir+'" data-filename="'+elem.name+'">'
-                                               +'<td class="filename">'+elem.name+'</td><td class="size">'+humanFileSize(elem.size)+'</td>'
-                                        +'</tr>');
+               var newtr = $('<tr/>').attr('data-dir', dir).attr('data-filename', elem.name);
+               newtr.append($('<td/>').addClass('filename').text(elem.name));
+               newtr.append($('<td/>').addClass('size').text(humanFileSize(elem.size)));
                 tbody.append(newtr);
                 if (elem.type === 'dir') {
                         newtr.find('td.filename').attr('style','background-image:url('+OC.imagePath('core', 'filetypes/folder.png')+')');
author	Robin Appelman <icewind@owncloud.com>
	Mon, 22 Apr 2013 19:54:25 +0000 (21:54 +0200)
committer	Robin Appelman <icewind@owncloud.com>
	Sun, 28 Apr 2013 17:33:54 +0000 (19:33 +0200)